Snap for 4801384 from b5e493d8 to pi-release

Change-Id: Id6fb5c76d1d804b80a46cd7596f70addfaaeac5f

Snap for 4801384 from b5e493d8 to pi-release
bd743354 · android-build-team Robot · 774378fc · b5e493d8 · bd743354 · bd743354
Commit bd743354 authored May 24, 2018 by android-build-team Robot
--- a/prebuilts/api/28.0/private/bpfloader.te
+++ b/prebuilts/api/28.0/private/bpfloader.te
@@ -26,3 +26,5 @@ neverallow { domain -netd -bpfloader } bpfloader_exec:file { execute execute_no_
 neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
 # only system_server, netd and bpfloader can read/write the bpf maps
 neverallow { domain -system_server -netd -bpfloader} netd:bpf { map_read map_write };
+dontaudit bpfloader self:capability sys_admin;
--- a/prebuilts/api/28.0/public/property.te
+++ b/prebuilts/api/28.0/public/property.te
@@ -214,7 +214,7 @@ compatible_property_only(`
    domain
    -coredomain
    -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:property_service set;
@@ -223,7 +223,7 @@ compatible_property_only(`
    domain
    -coredomain
    -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
    -vendor_init
  } {
    exported_bluetooth_prop
@@ -232,7 +232,7 @@ compatible_property_only(`
  neverallow {
    domain
    -coredomain
-    -hal_wifi
+    -hal_wifi_server
    -wificond
  } {
    wifi_prop
@@ -241,7 +241,7 @@ compatible_property_only(`
  neverallow {
    domain
    -coredomain
-    -hal_wifi
+    -hal_wifi_server
    -wificond
    -vendor_init
  } {
@@ -293,7 +293,7 @@ compatible_property_only(`
    domain
    -coredomain
    -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:file no_rw_file_perms;
@@ -301,7 +301,7 @@ compatible_property_only(`
  neverallow {
    domain
    -coredomain
-    -hal_wifi
+    -hal_wifi_server
    -wificond
  } {
    wifi_prop

--- a/private/bpfloader.te
+++ b/private/bpfloader.te
@@ -26,3 +26,5 @@ neverallow { domain -netd -bpfloader } bpfloader_exec:file { execute execute_no_
 neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
 # only system_server, netd and bpfloader can read/write the bpf maps
 neverallow { domain -system_server -netd -bpfloader} netd:bpf { map_read map_write };
+dontaudit bpfloader self:capability sys_admin;
--- a/public/property.te
+++ b/public/property.te
@@ -214,7 +214,7 @@ compatible_property_only(`
    domain
    -coredomain
    -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:property_service set;
@@ -223,7 +223,7 @@ compatible_property_only(`
    domain
    -coredomain
    -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
    -vendor_init
  } {
    exported_bluetooth_prop
@@ -232,7 +232,7 @@ compatible_property_only(`
  neverallow {
    domain
    -coredomain
-    -hal_wifi
+    -hal_wifi_server
    -wificond
  } {
    wifi_prop
@@ -241,7 +241,7 @@ compatible_property_only(`
  neverallow {
    domain
    -coredomain
-    -hal_wifi
+    -hal_wifi_server
    -wificond
    -vendor_init
  } {
@@ -293,7 +293,7 @@ compatible_property_only(`
    domain
    -coredomain
    -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
  } {
    bluetooth_prop
  }:file no_rw_file_perms;
@@ -301,7 +301,7 @@ compatible_property_only(`
  neverallow {
    domain
    -coredomain
-    -hal_wifi
+    -hal_wifi_server
    -wificond
  } {
    wifi_prop