Merge "Grant CAP_SYS_NICE to processes that need it." into oc-dev
diff --git a/private/adbd.te b/private/adbd.te
index b402335..52597eb 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -106,6 +106,9 @@
allow adbd property_contexts_file:file r_file_perms;
allow adbd sepolicy_file:file r_file_perms;
+# Allow pulling config.gz for CTS purposes
+allow adbd config_gz:file r_file_perms;
+
allow adbd surfaceflinger_service:service_manager find;
allow adbd bootchart_data_file:dir search;
allow adbd bootchart_data_file:file r_file_perms;
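Review bot: The added `allow adbd config_gz:file r_file_perms;` sits outside any `userdebug_or_eng` block, so it applies to user builds too, and the same is true of `allow shell config_gz:file r_file_perms;` in the private/shell.te hunk. config.gz (presumably /proc/config.gz) shows which hardening options the kernel was built with, so any adb shell user on a production device could read it. If CTS must pass on user builds this is probably intended, but the comment should say so, for example `# CTS reads config.gz on user builds, so this cannot be limited to userdebug_or_eng.` A neverallow limiting config_gz reads to the domains that need them would keep later grants from widening the exposure unnoticed.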
diff --git a/private/shell.te b/private/shell.te
index c0b4ee5..fbd9676 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -7,6 +7,9 @@
allow shell debugfs_trace_marker:file getattr;
allow shell atrace_exec:file rx_file_perms;
+# read config.gz for CTS purposes
+allow shell config_gz:file r_file_perms;
+
userdebug_or_eng(`
allow shell tracing_shell_writable_debug:file rw_file_perms;
')
diff --git a/public/hal_audio.te b/public/hal_audio.te
index 5b1a4df..33330bf 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -20,6 +20,8 @@
# Needed to provide debug dump output via dumpsys' pipes.
allow hal_audio shell:fd use;
allow hal_audio shell:fifo_file write;
+allow hal_audio dumpstate:fd use;
+allow hal_audio dumpstate:fifo_file write;
###
### neverallow rules
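Review bot: The comment above these rules still names only dumpsys, while the two added lines grant `fd use` and `fifo_file write` toward dumpstate. Extend it to record the reason for the new grant, for example `# Needed to provide debug dump output via dumpsys' and dumpstate's pipes.` Since the file is under public/, the rule presumably applies to every domain that carries hal_audio, so a stated justification matters for later audits.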