Merge "Don't audit audit_access denials to /dev/binder"
diff --git a/private/system_suspend.te b/private/system_suspend.te
index e93a73d..961cd67 100644
--- a/private/system_suspend.te
+++ b/private/system_suspend.te
@@ -10,6 +10,11 @@
# Access to /sys/power/{ wakeup_count, state } suspend interface.
allow system_suspend sysfs_power:file rw_file_perms;
+# TODO(b/128923994): remove once all debugging info moves to SystemSuspend.
+# Access to /sys/power/{ wake_lock, wake_unlock } suspend blocker interface.
+allow system_suspend self:global_capability2_class_set block_suspend;
+allow system_suspend sysfs_wake_lock:file rw_file_perms;
+
neverallow {
domain
-atrace # tracing
diff --git a/public/attributes b/public/attributes
index 4cae0ff..dbb9356 100644
--- a/public/attributes
+++ b/public/attributes
@@ -308,3 +308,6 @@
attribute mediaswcodec_server;
attribute system_suspend_server;
attribute camera_service_server;
+
+# All types used for super partition block devices.
+attribute super_block_device_type;
diff --git a/public/device.te b/public/device.te
index 57b0503..41b4edb 100644
--- a/public/device.te
+++ b/public/device.te
@@ -104,4 +104,4 @@
type misc_block_device, dev_type;
# 'super' partition to be used for logical partitioning.
-type super_block_device, dev_type;
+type super_block_device, super_block_device_type, dev_type;