Merge "Allow vendor_init_settable for persist.sys.sf.native_mode"
diff --git a/public/dex2oat.te b/public/dex2oat.te
index 47f3bcb..608ba79 100644
--- a/public/dex2oat.te
+++ b/public/dex2oat.te
@@ -44,7 +44,7 @@
allow dex2oat postinstall_file:dir { getattr search };
allow dex2oat postinstall_file:filesystem getattr;
-allow dex2oat postinstall_file:lnk_file read;
+allow dex2oat postinstall_file:lnk_file { getattr read };
# Allow dex2oat access to files in /data/ota.
allow dex2oat ota_data_file:dir ra_dir_perms;
diff --git a/public/perfprofd.te b/public/perfprofd.te
index 494e75b..f067af5 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -82,10 +82,12 @@
# simpleperf examines debugfs on startup to collect tracepoint event types
r_dir_file(perfprofd, debugfs_tracing)
- allow perfprofd debugfs_tracing_debug:file r_file_perms;
+ r_dir_file(perfprofd, debugfs_tracing_debug)
# simpleperf is going to execute "sleep"
allow perfprofd toolbox_exec:file rx_file_perms;
+ # simpleperf is going to execute "mv" on a temp file
+ allow perfprofd shell_exec:file rx_file_perms;
# needed for simpleperf on some kernels
allow perfprofd self:global_capability_class_set ipc_lock;
diff --git a/public/postinstall_dexopt.te b/public/postinstall_dexopt.te
index 8881f44..8221530 100644
--- a/public/postinstall_dexopt.te
+++ b/public/postinstall_dexopt.te
@@ -9,7 +9,7 @@
allow postinstall_dexopt postinstall_file:filesystem getattr;
allow postinstall_dexopt postinstall_file:dir { getattr search };
-allow postinstall_dexopt postinstall_file:lnk_file read;
+allow postinstall_dexopt postinstall_file:lnk_file { getattr read };
allow postinstall_dexopt proc_filesystems:file { getattr open read };
allow postinstall_dexopt tmpfs:file read;