Merge "Allow system server to write profile snapshots in /data/misc/profman" into pi-dev
diff --git a/prebuilts/api/28.0/private/audioserver.te b/prebuilts/api/28.0/private/audioserver.te
index a82cfec..1d4223f 100644
--- a/prebuilts/api/28.0/private/audioserver.te
+++ b/prebuilts/api/28.0/private/audioserver.te
@@ -35,6 +35,7 @@
allow audioserver permission_service:service_manager find;
allow audioserver power_service:service_manager find;
allow audioserver scheduling_policy_service:service_manager find;
+allow audioserver mediametrics_service:service_manager find;
# Allow read/write access to bluetooth-specific properties
set_prop(audioserver, bluetooth_a2dp_offload_prop)
diff --git a/prebuilts/api/28.0/public/mediaextractor.te b/prebuilts/api/28.0/public/mediaextractor.te
index 44387fd..b055462 100644
--- a/prebuilts/api/28.0/public/mediaextractor.te
+++ b/prebuilts/api/28.0/public/mediaextractor.te
@@ -22,10 +22,8 @@
crash_dump_fallback(mediaextractor)
-# Suppress denials from sdcardfs (b/67454004)
-dontaudit mediaextractor sdcardfs:file read;
-
# allow mediaextractor read permissions for file sources
+allow mediaextractor sdcardfs:file { getattr read };
allow mediaextractor media_rw_data_file:file { getattr read };
allow mediaextractor app_data_file:file { getattr read };
diff --git a/prebuilts/api/28.0/public/property_contexts b/prebuilts/api/28.0/public/property_contexts
index 4f43b8e..073b243 100644
--- a/prebuilts/api/28.0/public/property_contexts
+++ b/prebuilts/api/28.0/public/property_contexts
@@ -143,6 +143,7 @@
aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int
aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int
+ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int
drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
diff --git a/private/audioserver.te b/private/audioserver.te
index a82cfec..1d4223f 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -35,6 +35,7 @@
allow audioserver permission_service:service_manager find;
allow audioserver power_service:service_manager find;
allow audioserver scheduling_policy_service:service_manager find;
+allow audioserver mediametrics_service:service_manager find;
# Allow read/write access to bluetooth-specific properties
set_prop(audioserver, bluetooth_a2dp_offload_prop)
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 44387fd..b055462 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -22,10 +22,8 @@
crash_dump_fallback(mediaextractor)
-# Suppress denials from sdcardfs (b/67454004)
-dontaudit mediaextractor sdcardfs:file read;
-
# allow mediaextractor read permissions for file sources
+allow mediaextractor sdcardfs:file { getattr read };
allow mediaextractor media_rw_data_file:file { getattr read };
allow mediaextractor app_data_file:file { getattr read };
diff --git a/public/property_contexts b/public/property_contexts
index 4f43b8e..073b243 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -143,6 +143,7 @@
aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int
aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int
+ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int
drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool