Merge branch 'cm-13.0' of https://github.com/CyanogenMod/android_external_sepolicy into mm6.0

3 files changed, 5 insertions, 1 deletions

diff --git a/binderservicedomain.te b/binderservicedomain.te
index 0bfd33a..36993eb 100644
--- a/binderservicedomain.te
+++ b/binderservicedomain.te
@@ -13,6 +13,9 @@ allow binderservicedomain console_device:chr_file rw_file_perms;
 allow binderservicedomain appdomain:fd use;
 allow binderservicedomain appdomain:fifo_file write;
 
+# allow all services to run permission checks
+allow binderservicedomain permission_service:service_manager find;
+
 allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
 
 use_keystore(binderservicedomain)
diff --git a/bluetooth.te b/bluetooth.te
index a79023d..f77bd0d 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -70,4 +70,4 @@ allow bluetooth shell_data_file:file read;
 # Superuser capabilities.
 # bluetooth requires net_admin and wake_alarm.
 neverallow bluetooth self:capability ~net_admin;
-neverallow bluetooth self:capability2 ~wake_alarm;
+neverallow bluetooth self:capability2 ~{ wake_alarm block_suspend };
diff --git a/untrusted_app.te b/untrusted_app.te
index 2aa1495..fb76317 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -84,6 +84,7 @@ allow untrusted_app cache_file:file create_file_perms;
 allow untrusted_app servicemanager:service_manager list;
 
 allow untrusted_app drmserver_service:service_manager find;
+allow untrusted_app healthd_service:service_manager find;
 allow untrusted_app mediaserver_service:service_manager find;
 allow untrusted_app nfc_service:service_manager find;
 allow untrusted_app radio_service:service_manager find;