-From f60df3b40bef428241ee3d931568e8de816fef7e Mon Sep 17 00:00:00 2001
+From 1de70b8ad770aee39a1d6f3f7760c03758a7b989 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Kongstad?= <marten.kongstad@sonymobile.com>
Date: Mon, 22 Jun 2015 09:31:25 +0200
-Subject: [PATCH 01/12] OMS7-N: Add service 'overlay' to service_contexts
+Subject: [PATCH 01/13] OMS7-N: Add service 'overlay' to service_contexts
The 'overlay' service is the Overlay Manager Service, which tracks
packages and their Runtime Resource Overlay overlay packages.
allow system_server system_server_service:service_manager { add find };
allow system_server surfaceflinger_service:service_manager find;
--
-2.11.1
+2.9.4
-From a420610fb6940291fac20da7d7310b9fe942dfcb Mon Sep 17 00:00:00 2001
+From f3023ad17cc9aab41336d0c3c483033e2762ffdf Mon Sep 17 00:00:00 2001
From: d34d <clark@cyngn.com>
Date: Wed, 4 Jan 2017 10:29:34 -0800
-Subject: [PATCH 02/12] Introduce sepolicy exceptions for theme assets
+Subject: [PATCH 02/13] Introduce sepolicy exceptions for theme assets
Assets such as composed icons and ringtones need to be accessed
by apps. This patch adds the policy needed to facilitate this.
+allow zygote theme_data_file:file r_file_perms;
+allow zygote theme_data_file:dir r_dir_perms;
--
-2.11.1
+2.9.4
-From 1d859c985c4bea5656dd525b35885a1cd9cd15aa Mon Sep 17 00:00:00 2001
+From da9c8f029beadf84bbdc9be179409ea2ca9ddec4 Mon Sep 17 00:00:00 2001
From: bigrushdog <randall.rushing@gmail.com>
Date: Wed, 4 Jan 2017 10:31:29 -0800
-Subject: [PATCH 03/12] sepolicy: fix themed boot animation
+Subject: [PATCH 03/13] sepolicy: fix themed boot animation
W BootAnimation: type=1400 audit(0.0:42): avc: denied { open } for uid=1003 path="/data/system/theme/bootanimation.zip" dev="mmcblk0p42" ino=1657697 scontext=u:r:bootanim:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
allow bootanim theme_data_file:file r_file_perms;
+allow bootanim system_data_file:file open;
--
-2.11.1
+2.9.4
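Review bot: `allow bootanim system_data_file:file open;` opens a generic type to work around one mislabelled file. The quoted denial is for `/data/system/theme/bootanimation.zip` carrying `system_data_file`, while the rule just above it already lets bootanim read `theme_data_file`. Because `system_data_file` is the default label for much of /data, the narrower fix is to get the zip labelled `theme_data_file` (a file_contexts entry plus restorecon, or having the writer create it under the right type) and drop this rule. If the rule has to stay, it should carry a comment naming the path, e.g. `# bootanimation.zip under /data/system/theme is still labelled system_data_file`.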
-From 43b569d877370cf0ea109cfdd57976c22a4eba91 Mon Sep 17 00:00:00 2001
+From 39d41be24e718c928a9ca7e21b103913f78ea6ac Mon Sep 17 00:00:00 2001
From: George G <kreach3r@users.noreply.github.com>
Date: Wed, 8 Feb 2017 17:22:44 +0200
-Subject: [PATCH 04/12] sepolicy: fix themed sounds
+Subject: [PATCH 04/13] sepolicy: fix themed sounds
02-08 17:26:48.011 18259-18259/? W/SoundPoolThread: type=1400 audit(0.0:31): avc: denied { read } for path="/data/system/theme/audio/ui/Lock.ogg" dev="dm-0" ino=1006317 scontext=u:r:drmserver:s0 tcontext=u:object_r:theme_data_file:s0 tclass=file permissive=0
+allow drmserver theme_data_file:dir r_dir_perms;
+allow drmserver theme_data_file:file r_file_perms;
--
-2.11.1
+2.9.4
-From d7c74a0c8d441ebd4db743a56bd22e01609d3c1c Mon Sep 17 00:00:00 2001
+From db29bf3d87f10c7c857ce15f1d33793b21aee8b7 Mon Sep 17 00:00:00 2001
From: Surge1223 <surge1223@gmail.com>
Date: Sat, 18 Feb 2017 08:46:15 -0600
-Subject: [PATCH 05/12] initial policy edits for masquerade to operate rootless
+Subject: [PATCH 05/13] initial policy edits for masquerade to operate rootless
Change-Id: Iddfc408f206033772b9d49d335ca94e63b5e5210
---
# Write to various other parts of /data.
diff --git a/domain.te b/domain.te
-index a74833c..b18bfa7 100644
+index 59de1f1..f7ce715 100644
--- a/domain.te
+++ b/domain.te
-@@ -381,6 +381,7 @@ neverallow {
+@@ -385,6 +385,7 @@ neverallow {
-init # TODO: limit init to relabelfrom for files
-zygote
-installd
-postinstall_dexopt
-cppreopts
-dex2oat
-@@ -487,6 +488,7 @@ neverallow {
+@@ -491,6 +492,7 @@ neverallow {
-system_server
-system_app
-init
### neverallow rules
###
--
-2.11.1
+2.9.4
-From 7fb0e2bca061721e879e4dd05c0985fc003407d6 Mon Sep 17 00:00:00 2001
+From 20435b01f61fa357c6f2e52fe49a72ac351386bd Mon Sep 17 00:00:00 2001
From: Surge1223 <surge1223@gmail.com>
Date: Tue, 21 Feb 2017 12:28:05 -0600
-Subject: [PATCH 06/12] sepolicy: rename masquerade domain and allow JobService
+Subject: [PATCH 06/13] sepolicy: rename masquerade domain and allow JobService
in system_server
This attempts to address the issue of JobService being unable to process
# Write to various other parts of /data.
diff --git a/domain.te b/domain.te
-index b18bfa7..5bc5fcb 100644
+index f7ce715..b473da7 100644
--- a/domain.te
+++ b/domain.te
-@@ -381,7 +381,7 @@ neverallow {
+@@ -385,7 +385,7 @@ neverallow {
-init # TODO: limit init to relabelfrom for files
-zygote
-installd
-postinstall_dexopt
-cppreopts
-dex2oat
-@@ -488,7 +488,7 @@ neverallow {
+@@ -492,7 +492,7 @@ neverallow {
-system_server
-system_app
-init
allow system_server mediaextractor_service:service_manager find;
allow system_server mediacodec_service:service_manager find;
--
-2.11.1
+2.9.4
-From 35e7f6b212da283b29132f2734da6360c3a36c13 Mon Sep 17 00:00:00 2001
+From d47eac54afab000b8b273d6a7e7dbbcf4764ab5d Mon Sep 17 00:00:00 2001
From: Surge1223 <surge1223@gmail.com>
Date: Wed, 22 Feb 2017 20:45:04 -0600
-Subject: [PATCH 07/12] sepolicy: allow masquerade to read and write theme
+Subject: [PATCH 07/13] sepolicy: allow masquerade to read and write theme
assets
Fix for masquerade to handle theme assets including fonts and bootanimation, also
+allow masquerade connectivity_service:service_manager find;
+allow masquerade display_service:service_manager find;
--
-2.11.1
+2.9.4
-From ff7ba5a6d5524f632134c6bcf43173043479e27e Mon Sep 17 00:00:00 2001
+From e13c58ca101a08f70f0e6c7a8be890b5814b569f Mon Sep 17 00:00:00 2001
From: Miccia <bono.michele94@gmail.com>
Date: Mon, 27 Feb 2017 12:36:21 +0100
-Subject: [PATCH 08/12] sepolicy: Fix application of bootanimation
+Subject: [PATCH 08/13] sepolicy: Fix application of bootanimation
Change-Id: I7365d28fecf18b4d1aa42b2210e023b202dd97a5
---
+
+allow system_server theme_data_file:dir search;
--
-2.11.1
+2.9.4
-From 931433e0e94054c4898276213fa18e0ca93d29e2 Mon Sep 17 00:00:00 2001
+From c7fcf28a1ef47e74cf91153e8503c19b6175714e Mon Sep 17 00:00:00 2001
From: LuK1337 <priv.luk@gmail.com>
Date: Wed, 1 Mar 2017 23:11:49 +0100
-Subject: [PATCH 09/12] sepolicy: Redo masquerade rules
+Subject: [PATCH 09/13] sepolicy: Redo masquerade rules
* Use macros
* Label custom properties
-
-allow system_server theme_data_file:dir search;
--
-2.11.1
+2.9.4
-From 4ef2c96d7fa1f63ebbec4b9ac3ac7fe7b6cd36a0 Mon Sep 17 00:00:00 2001
+From 1c0171ad09ae123a87e31c1d1354de4f40d02427 Mon Sep 17 00:00:00 2001
From: Nathan Chancellor <natechancellor@gmail.com>
Date: Sat, 4 Mar 2017 19:20:10 -0700
-Subject: [PATCH 10/12] Welcome to Theme Interfacer! [2/2]
+Subject: [PATCH 10/13] Welcome to Theme Interfacer! [2/2]
Change-Id: I4a28c8840957d385338529540e081eabd3135cc1
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
# Write to various other parts of /data.
diff --git a/domain.te b/domain.te
-index 5bc5fcb..634f3bf 100644
+index b473da7..fbd6c26 100644
--- a/domain.te
+++ b/domain.te
-@@ -381,7 +381,7 @@ neverallow {
+@@ -385,7 +385,7 @@ neverallow {
-init # TODO: limit init to relabelfrom for files
-zygote
-installd
-postinstall_dexopt
-cppreopts
-dex2oat
-@@ -488,7 +488,7 @@ neverallow {
+@@ -492,7 +492,7 @@ neverallow {
-system_server
-system_app
-init
allow system_server mediaextractor_service:service_manager find;
allow system_server mediacodec_service:service_manager find;
--
-2.11.1
+2.9.4
-From 44f026c91d25d3e72d9654efc0c238cb451d6451 Mon Sep 17 00:00:00 2001
+From 3e15fbb8057baaeeba5a557edb57626e6d1fa53c Mon Sep 17 00:00:00 2001
From: Surge Raval <Surge1223@gmail.com>
Date: Sun, 16 Apr 2017 05:00:13 +0000
-Subject: [PATCH 11/12] sepolicy: add file and domain trans to interfacer
+Subject: [PATCH 11/13] sepolicy: add file and domain trans to interfacer
This will fix bootanimations not applying on 7.1.2 ROMs
neverallow untrusted_app anr_data_file:dir ~search;
+allow untrusted_app system_app_data_file:dir getattr;
--
-2.11.1
+2.9.4
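Review bot: `allow untrusted_app system_app_data_file:dir getattr;` gives every third-party app a permission on system-app data directories, and nothing in the visible commit message ties it to the boot-animation fix or quotes a denial for it. The subject is about file and domain transitions for interfacer, so this line looks as if it was picked up from audit output rather than being required. `getattr` on these directories lets an untrusted app probe their existence and metadata. I would drop the line, or if the denial is only log noise, use `dontaudit untrusted_app system_app_data_file:dir getattr;` instead of granting it.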
-From b3bdd5ba0f03e0e85c064defb3842d57ca1990ab Mon Sep 17 00:00:00 2001
+From 9ff626d3b6fefa7a54a6faddf93d2fa29052cdfa Mon Sep 17 00:00:00 2001
From: Harsh Shandilya <msfjarvis@gmail.com>
Date: Tue, 9 May 2017 09:18:10 +0530
-Subject: [PATCH 12/12] sepolicy: Allow system_server to set theme_prop
+Subject: [PATCH 12/13] sepolicy: Allow system_server to set theme_prop
[ 6065.716763] init: avc: denied { set } for property=sys.refresh_theme
pid=1131 uid=1000 gid=1000 scontext=u:r:system_server:s0
# Create a socket for receiving info from wpa.
type_transition system_server wifi_data_file:sock_file system_wpa_socket;
--
-2.11.1
+2.9.4
--- /dev/null
+From fea6eb7c59965d99f0c0fe019772cdf1f950972d Mon Sep 17 00:00:00 2001
+From: Surge Raval <Surge1223@gmail.com>
+Date: Tue, 30 May 2017 00:59:31 +0200
+Subject: [PATCH 13/13] Add policy to fix interfacer derp on boot
+
+05-29 08:40:17.200 10546 10600 F libc : Fatal signal 6 (SIGABRT), code -6 in tid 10600 (POSIX timer 0)
+05-29 08:40:17.200 428 428 W : debuggerd: handling request: pid=10546 uid=1006 gid=1006 tid=10600
+05-29 08:40:17.223 20058 20058 E : debuggerd: Unable to connect to activity manager (connect failed: Connection refused)
+05-29 08:40:17.225 580 580 E SELinux : SELinux: Could not set context for /data/data/projekt.interfacer: Permission denied
+05-29 08:40:17.226 580 580 E installd: Failed top-level restorecon for /data/data/projekt.interfacer: Permission denied
+05-29 08:40:17.219 580 580 W installd: type=1400 audit(0.0:135): avc: denied { relabelto } for name="projekt.interfacer" dev="sda15" ino=61332 scontext=u:r:installd:s0 tcontext=u:object_r:theme_data_file:s0 tclass=dir permissive=0
+05-29 08:40:17.226 19831 19831 E PackageManager: Failed to create app data for projekt.interfacer, but trying to recover: com.android.internal.os.InstallerConnection$InstallerException: Failed to execute create_app_data [null, projekt.interfacer, 0, 3, 1000, platform:privapp, 25]: -1
+05-29 08:40:17.228 580 580 E : Couldn't opendir /data/user_de/0/projekt.interfacer: No such file or directory
+05-29 08:40:17.229 19831 19831 W PackageManager: com.android.internal.os.InstallerConnection$InstallerException: Failed to execute destroy_app_data [null, projekt.interfacer, 0, 3, 61332]: -2
+05-29 08:40:17.229 580 580 E SELinux : SELinux: Could not set context for /data/data/projekt.interfacer: Permission denied
+05-29 08:40:17.229 580 580 E installd: Failed top-level restorecon for /data/data/projekt.interfacer: Permission denied
+05-29 08:40:17.219 580 580 W installd: type=1400 audit(0.0:136): avc: denied { relabelto } for name="projekt.interfacer" dev="sda15" ino=61488 scontext=u:r:installd:s0 tcontext=u:object_r:theme_data_file:s0 tclass=dir permissive=0
+05-29 08:40:17.230 19831 19831 D PackageManager: Recovery failed!
+05-29 08:40:17.231 580 580 E SELinux : SELinux: Could not set context for /data/data/projekt.interfacer: Permission denied
+05-29 08:40:17.231 580 580 E installd: Failed top-level restorecon for /data/data/projekt.interfacer: Permission denied
+05-29 08:40:17.232 19831 19831 E PackageManager: Failed to create app data for projekt.interfacer, but trying to recover: com.android.internal.os.InstallerConnection$InstallerException: Failed to execute create_app_data [null, projekt.interfacer, 0, 3, 1000, platform:privapp, 25]: -1
+05-29 08:40:17.219 580 580 W installd: type=1400 audit(0.0:137): avc: denied { relabelto } for name="projekt.interfacer" dev="sda15" ino=61488 scontext=u:r:installd:s0 tcontext=u:object_r:theme_data_file:s0 tclass=dir permissive=0
+05-29 08:40:17.233 580 580 E : Couldn't opendir /data/user_de/0/projekt.interfacer: No such file or directory
+05-29 08:40:17.233 19831 19831 W PackageManager: com.android.internal.os.InstallerConnection$InstallerException: Failed to execute destroy_app_data [null, projekt.interfacer, 0, 3, 61488]: -2
+05-29 08:40:17.234 580 580 E SELinux : SELinux: Could not set context for /data/data/projekt.interfacer: Permission denied
+05-29 08:40:17.234 580 580 E installd: Failed top-level restorecon for /data/data/projekt.interfacer: Permission denied
+05-29 08:40:17.234 19831 19831 D PackageManager: Recovery failed!
+05-29 08:40:17.229 580 580 W installd: type=1400 audit(0.0:138): avc: denied { relabelto } for name="projekt.interfacer" dev="sda15" ino=61491 scontext=u:r:installd:s0 tcontext=u:object_r:theme_data_file:s0 tclass=dir permissive=0
+05-29 08:40:17.274 20058 20058 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
+
+Change-Id: I39def485bbeea25e2b32baa30e575779afd50ce4
+---
+ installd.te | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/installd.te b/installd.te
+index ab0aadc..6800695 100644
+--- a/installd.te
++++ b/installd.te
+@@ -126,3 +126,7 @@ allow installd devpts:chr_file rw_file_perms;
+
+ # execute toybox for app relocation
+ allow installd toolbox_exec:file rx_file_perms;
++
++# allow /data/data/ theme attributes for theme_data explicitly without macros
++allow installd theme_data_file:dir { add_name getattr read relabelto remove_name setattr write open search };
++allow installd theme_data_file:lnk_file { create getattr unlink };
+--
+2.9.4
+
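Review bot: The `allow installd theme_data_file:dir { ... }` rule added to installd.te grants much more than the quoted log justifies. Every AVC denial in the commit message is `relabelto` on a `dir`, yet the rule also adds `write`, `add_name`, `remove_name` and `setattr`, and the `lnk_file { create getattr unlink }` rule has no matching denial at all. Earlier patches in this series let zygote, bootanim and drmserver read `theme_data_file`, so each extra permission widens what installd can place under a type that several domains consume. I would start from `allow installd theme_data_file:dir relabelto;` and add further permissions only with the denial that requires each one noted in the comment. It is also worth confirming that `/data/data/projekt.interfacer` is meant to carry `theme_data_file` at all, since the log shows an app data directory with a theme-asset type, which may point to a seapp_contexts or file_contexts mismatch.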