Merge "Add network watchlist service SELinux policy rules"
diff --git a/private/file_contexts b/private/file_contexts
index 5471638..3e3acec 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -230,7 +230,7 @@
/system/bin/pppd u:object_r:ppp_exec:s0
/system/bin/racoon u:object_r:racoon_exec:s0
/system/xbin/su u:object_r:su_exec:s0
-/system/xbin/perfprofd u:object_r:perfprofd_exec:s0
+/system/bin/perfprofd u:object_r:perfprofd_exec:s0
/system/bin/dnsmasq u:object_r:dnsmasq_exec:s0
/system/bin/healthd u:object_r:healthd_exec:s0
/system/bin/clatd u:object_r:clatd_exec:s0
diff --git a/private/system_server.te b/private/system_server.te
index 65fb7de..2102391 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -727,7 +727,7 @@
# System server never reads the actual content. It passes the descriptor to
# to privileged apps which acquire the permissions to inspect the profiles.
allow system_server user_profile_data_file:dir { search };
-allow system_server user_profile_data_file:file { open read };
+allow system_server user_profile_data_file:file { getattr open read };
###
### Neverallow rules
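Review bot: The added `getattr` on `user_profile_data_file:file` has no stated reason, and the comment above the rule still says system_server never reads profile content while the rule grants `open read`. I would extend that comment with the reason stat access is needed, for example `# getattr: needed to stat the profile before the descriptor is passed on (confirm against the caller)`, so a later policy audit can tell the permission is deliberate. The same comment has a doubled word across its two lines (`to` / `to privileged apps`) that is worth fixing while this block is being touched. The rest of system_server.te, including the neverallow section that starts at the end of the hunk, is outside the visible lines.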
diff --git a/public/init.te b/public/init.te
index 9792522..11953a4 100644
--- a/public/init.te
+++ b/public/init.te
@@ -23,7 +23,7 @@
allow init property_type:file { create_file_perms relabelto };
# /dev/event-log-tags
allow init device:file relabelfrom;
-allow init runtime_event_log_tags_file:file { open write setattr relabelto };
+allow init runtime_event_log_tags_file:file { open write setattr relabelto create };
# /dev/socket
allow init { device socket_device }:dir relabelto;
# /dev/random, /dev/urandom
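Review bot: Adding `create` to `allow init runtime_event_log_tags_file:file` gives init a second way to produce /dev/event-log-tags, yet `allow init device:file relabelfrom;` and the `relabelto` on this type are kept. If init now creates the file directly with the correct label, the relabel permissions may no longer be needed and could be dropped to keep init's grant minimal. If both paths are still in use, the `# /dev/event-log-tags` comment should say which caller needs which permission. Creating a file of this type under /dev presumably also needs a type_transition or an explicit fscreate context, plus `add_name` on the directory; neither is visible in this hunk, so confirm they exist elsewhere in the policy.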