am ac664270: Merge "Only auditallow unlabeled accesses not allowed elsewhere."

* commit 'ac664270':
  Only auditallow unlabeled accesses not allowed elsewhere.

domain.te

@@ -150,11 +150,18 @@ allow domain { asec_public_file asec_apk_file }:dir r_dir_perms;
 #
 allow domain unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
 allow domain unlabeled:dir { create_dir_perms relabelfrom };
-auditallow { domain -init -installd } unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
-auditallow { domain -init -kernel -installd } unlabeled:dir { create_dir_perms relabelfrom };
+auditallow { domain -init -installd -vold -system_server } unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
+auditallow { domain -init -kernel -installd -vold -system_server } unlabeled:dir { create_dir_perms relabelfrom };
 auditallow kernel unlabeled:dir ~search;
-auditallow installd unlabeled:dir ~{ getattr search relabelfrom };
-auditallow installd unlabeled:notdevfile_class_set ~{ getattr relabelfrom };
+auditallow installd unlabeled:dir ~{ getattr search relabelfrom rw_dir_perms rmdir };
+auditallow installd unlabeled:file ~{ r_file_perms getattr relabelfrom rename unlink setattr };
+auditallow installd unlabeled:{ lnk_file sock_file fifo_file } ~{ getattr relabelfrom rename unlink setattr };
+auditallow vold unlabeled:dir ~{ r_dir_perms setattr relabelfrom };
+auditallow vold unlabeled:file ~{ r_file_perms setattr relabelfrom };
+auditallow vold unlabeled:{ lnk_file sock_file fifo_file } { create_file_perms relabelfrom };
+auditallow system_server unlabeled:dir ~r_dir_perms;
+auditallow system_server unlabeled:file ~r_file_perms;
+auditallow system_server unlabeled:{ lnk_file sock_file fifo_file } { create_file_perms relabelfrom };
 
 ###
 ### neverallow rules