Merge "Allow odrefresh to use userfaultfd"
diff --git a/microdroid/system/private/domain.te b/microdroid/system/private/domain.te
index a7a53f1..d87df40 100644
--- a/microdroid/system/private/domain.te
+++ b/microdroid/system/private/domain.te
@@ -423,12 +423,6 @@
coredomain
} vendor_service:service_manager add;
-neverallow {
- domain
- -tombstoned
- -crash_dump
-} tombstoned_crash_socket:unix_stream_socket connectto;
-
# Never allow anyone to connect or write to
# the tombstoned intercept socket.
neverallow { domain } tombstoned_intercept_socket:sock_file write;
diff --git a/private/property_contexts b/private/property_contexts
index 1bc3cb1..04e77e4 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -584,6 +584,7 @@
external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
external_storage.sdcardfs.enabled u:object_r:storage_config_prop:s0 exact bool
external_storage.cross_user.enabled u:object_r:storage_config_prop:s0 exact bool
+ro.fuse.bpf.enabled u:object_r:storage_config_prop:s0 exact bool
ro.config.per_app_memcg u:object_r:lmkd_config_prop:s0 exact bool
ro.lmk.critical u:object_r:lmkd_config_prop:s0 exact int
diff --git a/public/domain.te b/public/domain.te
index a98e369..0edd887 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1029,19 +1029,7 @@
neverallow { domain -system_server } webview_zygote:sock_file write;
neverallow { domain -system_server } app_zygote:sock_file write;
-neverallow {
- domain
- -tombstoned
- -crash_dump
- -dumpstate
- -incidentd
- -system_server
-
- # Processes that can't exec crash_dump
- -hal_codec2_server
- -hal_omx_server
- -mediaextractor
-} tombstoned_crash_socket:unix_stream_socket connectto;
+neverallow domain tombstoned_crash_socket:unix_stream_socket connectto;
# Never allow anyone except dumpstate, incidentd, or the system server to connect or write to
# the tombstoned intercept socket.