Merge "system_server: allow appendable file descriptors" am: 184851a2 am:...

Merge "system_server: allow appendable file descriptors" am: 184851a2 am: a9aac6a9 am: e3f33e98 am: 2c758812 Change-Id: I90cfe95a5bc314645257ce85693546bc409046dc

Merge "system_server: allow appendable file descriptors" am: 184851a2 am:...
5093b927 · Nick Kralevich · android-build-merger · 69103378 · 2c758812 · 5093b927
Commit 5093b927 authored 8 years ago by Nick Kralevich Committed by android-build-merger 8 years ago
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -200,7 +200,7 @@ allow system_server sysfs_thermal:dir search;
 allow system_server sysfs_thermal:file r_file_perms;
 # TODO: Remove when HALs are forced into separate processes
-allow system_server sysfs_vibrator:file write;
+allow system_server sysfs_vibrator:file { write append };
 # TODO: added to match above sysfs rule. Remove me?
 allow system_server sysfs_usb:file w_file_perms;
@@ -308,10 +308,10 @@ allow system_server system_app_data_file:file create_file_perms;
 # Receive and use open app data files passed over binder IPC.
 # Types extracted from seapp_contexts type= fields.
-allow system_server { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:file { getattr read write };
+allow system_server { system_app_data_file bluetooth_data_file nfc_data_file radio_data_file shell_data_file app_data_file }:file { getattr read write append };
 # Receive and use open /data/media files passed over binder IPC.
-allow system_server media_rw_data_file:file { getattr read write };
+allow system_server media_rw_data_file:file { getattr read write append };
 # Relabel apk files.
 allow system_server { apk_tmp_file apk_private_tmp_file }:{ dir file } { relabelfrom relabelto };