Merge changes Ide8fc07c,Ia1f51db4

* changes:
  Allow vold to mount on top of /data/media.
  Revert "Temporarily relax Zygote storage mounting rules."
diff --git a/Android.mk b/Android.mk
index c4d6fd3..e3b4143 100644
--- a/Android.mk
+++ b/Android.mk
@@ -226,12 +226,12 @@
 # Convert a file_context file for a non-flattened APEX into a file for
 # flattened APEX. /system/apex/<apex_name> path is prepended to the original paths
 # $(1): path to the input file_contexts file for non-flattened APEX
-# $(2): name of the APEX
-# $(3): path to the generated file_contexs file for flattened APEX
+# $(2): path to the flattened APEX
+# $(3): path to the generated file_contexts file for flattened APEX
 # $(4): variable where $(3) is added to
 define build_flattened_apex_file_contexts
 $(4) += $(3)
-$(3): PRIVATE_APEX_PATH := /system/apex/$(subst .,\\.,$(2))
+$(3): PRIVATE_APEX_PATH := $(subst .,\\.,$(2))
 $(3): $(1)
 	$(hide) awk '/object_r/{printf("$$(PRIVATE_APEX_PATH)%s\n",$$$$0)}' $$< > $$@
 endef
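Review bot: The header comment of `build_flattened_apex_file_contexts` still says that the `/system/apex/<apex_name>` path is prepended, but after this change the prefix is whatever the caller passes as `$(2)`. I would reword that sentence to `# flattened APEX. The on-device path given in $(2) is prepended to the original paths`. The value ends up as the leading part of every regex in the generated file_contexts, and `$(subst .,\\.,$(2))` escapes only `.`. The `$(2)` line should therefore also state the contract, for example `# $(2): absolute on-device path to the flattened APEX, no trailing slash, no regex metacharacters other than '.'`.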
@@ -1416,15 +1416,16 @@
 ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
   local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
 endif
-ifeq ($(TARGET_FLATTEN_APEX),true)
-  $(foreach _pair,$(APEX_FILE_CONTEXTS_INFOS),\
-    $(eval _apex_name := $(call word-colon,1,$(_pair)))\
-    $(eval _fc_name := $(call word-colon,2,$(_pair)))\
-    $(eval _input := $(LOCAL_PATH)/apex/$(_fc_name)-file_contexts)\
-    $(eval _output := $(intermediates)/$(_apex_name)-flattened)\
-    $(eval $(call build_flattened_apex_file_contexts,$(_input),$(_apex_name),$(_output),local_fc_files))\
-   )
-endif
+
+# Even if TARGET_FLATTEN_APEX is not turned on, "flattened" APEXes are installed
+$(foreach _tuple,$(APEX_FILE_CONTEXTS_INFOS),\
+  $(eval _apex_name := $(call word-colon,1,$(_tuple)))\
+  $(eval _apex_path := $(call word-colon,2,$(_tuple)))\
+  $(eval _fc_path := $(call word-colon,3,$(_tuple)))\
+  $(eval _input := $(_fc_path))\
+  $(eval _output := $(intermediates)/$(_apex_name)-flattened)\
+  $(eval $(call build_flattened_apex_file_contexts,$(_input),$(_apex_path),$(_output),local_fc_files))\
+  )
 
 file_contexts.local.tmp := $(intermediates)/file_contexts.local.tmp
 $(file_contexts.local.tmp): PRIVATE_FC_FILES := $(local_fc_files)
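Review bot: The new `$(foreach _tuple,...)` loop uses `_apex_path` and `_fc_path` without checking that the tuple really has three fields. An entry still in the old two-field form would leave `_fc_path` empty and turn the old file-contexts name into the label prefix. An empty `_apex_path` would emit the APEX's `(/.*)?` rule with no prefix, which as a regex matches every path. Where `APEX_FILE_CONTEXTS_INFOS` is populated is not visible here, so this may already be guaranteed upstream. A guard after the `_fc_path` line makes a malformed entry fail the build instead of producing a wrong label file: `$(if $(and $(_apex_path),$(_fc_path)),,$(error malformed APEX_FILE_CONTEXTS_INFOS entry: $(_tuple)))\`. The comment above the loop would also read better if it named the tuple format, `name:path:file_contexts`.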
diff --git a/apex/Android.bp b/apex/Android.bp
new file mode 100644
index 0000000..8eedfab
--- /dev/null
+++ b/apex/Android.bp
@@ -0,0 +1,133 @@
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+filegroup {
+  name: "apex.test-file_contexts",
+  srcs: [
+    "apex.test-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.adbd-file_contexts",
+  srcs: [
+    "com.android.adbd-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.art.debug-file_contexts",
+  srcs: [
+    "com.android.art.debug-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.art.release-file_contexts",
+  srcs: [
+    "com.android.art.release-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.bootanimation-file_contexts",
+  srcs: [
+    "com.android.bootanimation-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.cellbroadcast-file_contexts",
+  srcs: [
+    "com.android.cellbroadcast-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.conscrypt-file_contexts",
+  srcs: [
+    "com.android.conscrypt-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.i18n-file_contexts",
+  srcs: [
+    "com.android.i18n-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.media-file_contexts",
+  srcs: [
+    "com.android.media-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.media.swcodec-file_contexts",
+  srcs: [
+    "com.android.media.swcodec-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.neuralnetworks-file_contexts",
+  srcs: [
+    "com.android.neuralnetworks-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.os.statsd-file_contexts",
+  srcs: [
+    "com.android.os.statsd-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.permission-file_contexts",
+  srcs: [
+    "com.android.permission-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.resolv-file_contexts",
+  srcs: [
+    "com.android.resolv-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.runtime-file_contexts",
+  srcs: [
+    "com.android.runtime-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.tzdata-file_contexts",
+  srcs: [
+    "com.android.tzdata-file_contexts",
+  ],
+}
+
+filegroup {
+  name: "com.android.vndk-file_contexts",
+  srcs: [
+    "com.android.vndk-file_contexts",
+  ],
+}
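Review bot: This commit also adds `apex/com.android.ipsec-file_contexts`, yet the new Android.bp declares no filegroup for it, although every other `*-file_contexts` file it lists has one. If APEX modules are expected to reference these files through the filegroup name, the ipsec APEX will have nothing to point at, unless the module is declared somewhere outside this page. The matching entry would be `filegroup { name: "com.android.ipsec-file_contexts", srcs: ["com.android.ipsec-file_contexts"] }`, placed after the `com.android.i18n` group to keep the list sorted.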
diff --git a/apex/com.android.ipsec-file_contexts b/apex/com.android.ipsec-file_contexts
new file mode 100644
index 0000000..270f0e1
--- /dev/null
+++ b/apex/com.android.ipsec-file_contexts
@@ -0,0 +1,2 @@
+(/.*)?                          u:object_r:system_file:s0
+/lib(64)?(/.*)?                 u:object_r:system_lib_file:s0
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 83c76cb..739940b 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -5,6 +5,8 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
   ( new_objects
+    app_search_service
+    auth_service
     ashmem_libcutils_device
     blob_store_service
     boringssl_self_test
@@ -26,10 +28,14 @@
     linker_prop
     mock_ota_prop
     ota_metadata_file
+    ota_prop
     art_apex_dir
     service_manager_service
     system_group_file
     system_passwd_file
+    timezonedetector_service
+    userspace_reboot_prop
+    userspace_reboot_exported_prop
     vendor_apex_file
     vendor_boringssl_self_test
     vendor_install_recovery
diff --git a/private/domain.te b/private/domain.te
index 5851d75..ce2d900 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -73,6 +73,8 @@
     get_prop({coredomain appdomain shell}, exported3_default_prop)
     get_prop({coredomain appdomain shell}, exported3_radio_prop)
     get_prop({coredomain appdomain shell}, exported3_system_prop)
+    get_prop({coredomain shell}, userspace_reboot_exported_prop)
+    get_prop({coredomain shell}, userspace_reboot_prop)
     get_prop({domain -coredomain -appdomain}, vendor_default_prop)
 ')
 
diff --git a/private/fsverity_init.te b/private/fsverity_init.te
index aafaf53..2559525 100644
--- a/private/fsverity_init.te
+++ b/private/fsverity_init.te
@@ -24,8 +24,3 @@
 # already registered algorithm with that name. If it fails, the kernel creates
 # an implementation of the algorithm from templates.
 dontaudit fsverity_init kernel:system module_request;
-
-# TODO(b/132323675): remove once kernel bug is fixed.
-userdebug_or_eng(`
-  dontaudit fsverity_init self:capability sys_admin;
-')
diff --git a/private/init.te b/private/init.te
index 374b207..3edd021 100644
--- a/private/init.te
+++ b/private/init.te
@@ -32,3 +32,9 @@
 
 # Allow the BoringSSL self test to request a reboot upon failure
 set_prop(init, powerctl_prop)
+
+# Only init is allowed to set userspace reboot related properties.
+set_prop(init, userspace_reboot_prop)
+set_prop(init, userspace_reboot_exported_prop)
+neverallow { domain -init } userspace_reboot_prop:property_service set;
+neverallow { domain -init } userspace_reboot_exported_prop:property_service set;
diff --git a/private/permissioncontroller_app.te b/private/permissioncontroller_app.te
index 15bb9e1..9d88248 100644
--- a/private/permissioncontroller_app.te
+++ b/private/permissioncontroller_app.te
@@ -1,7 +1,15 @@
 ###
 ### A domain for further sandboxing the GooglePermissionController app.
 ###
-type permissioncontroller_app, domain;
+type permissioncontroller_app, domain, coredomain;
+
+# Allow everything.
+# TODO(b/142672293): remove when no selinux denials are triggered for this
+# domain
+# STOPSHIP(b/142672293): monitor http://go/sedenials for any denials around
+# `permissioncontroller_app` and remove this line once we are confident about
+# this having the right set of permissions.
+userdebug_or_eng(`permissive permissioncontroller_app;')
 
 app_domain(permissioncontroller_app)
 
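Review bot: The comment `# Allow everything.` overstates what the `permissive` line does, and nothing explains the new `coredomain` attribute on the `type` line. The statement is wrapped in `userdebug_or_eng`, so user builds stay enforcing and the explicit allow rules further down remain the policy that ships. On debug builds the domain no longer blocks anything, so a missing rule only shows up as a logged denial there and as a real failure on user builds. I would replace the first comment line with `# Permissive on userdebug/eng builds only, to collect denials; user builds stay enforcing.` and add one line saying why the domain is now part of `coredomain`. The file's opening comment still describes this domain as "further sandboxing", which holds on debug builds only once the STOPSHIP item is resolved.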
@@ -21,7 +29,11 @@
 allow permissioncontroller_app activity_task_service:service_manager find;
 allow permissioncontroller_app audio_service:service_manager find;
 allow permissioncontroller_app autofill_service:service_manager find;
+allow permissioncontroller_app content_capture_service:service_manager find;
 allow permissioncontroller_app device_policy_service:service_manager find;
+allow permissioncontroller_app incidentcompanion_service:service_manager find;
 allow permissioncontroller_app location_service:service_manager find;
+allow permissioncontroller_app media_session_service:service_manager find;
 allow permissioncontroller_app surfaceflinger_service:service_manager find;
+allow permissioncontroller_app telecom_service:service_manager find;
 allow permissioncontroller_app trust_service:service_manager find;
diff --git a/private/property_contexts b/private/property_contexts
index 16c8d93..06c662e 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -22,6 +22,7 @@
 hw.                     u:object_r:system_prop:s0
 ro.hw.                  u:object_r:system_prop:s0
 sys.                    u:object_r:system_prop:s0
+sys.init.userspace_reboot   u:object_r:userspace_reboot_prop:s0
 sys.cppreopt            u:object_r:cppreopt_prop:s0
 sys.linker.             u:object_r:linker_prop:s0
 sys.lpdumpd             u:object_r:lpdumpd_prop:s0
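Review bot: The new entry `sys.init.userspace_reboot` is a prefix match with no trailing dot, so it also covers any property whose name merely begins with that string, not only names under `sys.init.userspace_reboot.`. The type is restricted to init by the neverallow rules added in private/init.te, so an unrelated property with a similar name would silently become unsettable by its owner. If only the dotted namespace is meant, write `sys.init.userspace_reboot.   u:object_r:userspace_reboot_prop:s0`. The same applies to `ota.warm_reset` in the later hunk of this file. The comment there describes a single flag, so an `exact` entry with a value type, like the entries in public/property_contexts, would label just that one property.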
@@ -219,3 +220,6 @@
 # Virtual A/B properties
 ro.virtual_ab.enabled   u:object_r:virtual_ab_prop:s0
 ro.virtual_ab.retrofit  u:object_r:virtual_ab_prop:s0
+
+# Property to set/clear the warm reset flag after an OTA update.
+ota.warm_reset  u:object_r:ota_prop:s0
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 4980c93..17c22e1 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -158,6 +158,7 @@
 user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
 user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
 user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
 user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all
 user=_app minTargetSdkVersion=29 domain=untrusted_app type=app_data_file levelFrom=all
 user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
diff --git a/private/service_contexts b/private/service_contexts
index b7cd10f..dd71111 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -11,6 +11,7 @@
 android.service.gatekeeper.IGateKeeperService    u:object_r:gatekeeper_service:s0
 app_binding                               u:object_r:app_binding_service:s0
 app_prediction                            u:object_r:app_prediction_service:s0
+app_search                                u:object_r:app_search_service:s0
 apexservice                               u:object_r:apex_service:s0
 blob_store                                u:object_r:blob_store_service:s0
 gsiservice                                u:object_r:gsi_service:s0
@@ -19,6 +20,7 @@
 assetatlas                                u:object_r:assetatlas_service:s0
 attention                                 u:object_r:attention_service:s0
 audio                                     u:object_r:audio_service:s0
+auth                                      u:object_r:auth_service:s0
 autofill                                  u:object_r:autofill_service:s0
 backup                                    u:object_r:backup_service:s0
 batteryproperties                         u:object_r:batteryproperties_service:s0
@@ -197,6 +199,7 @@
 textclassification                        u:object_r:textclassification_service:s0
 textservices                              u:object_r:textservices_service:s0
 time_detector                             u:object_r:timedetector_service:s0
+time_zone_detector                        u:object_r:timezonedetector_service:s0
 timezone                                  u:object_r:timezone_service:s0
 thermalservice                            u:object_r:thermal_service:s0
 trust                                     u:object_r:trust_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index f0a447a..5544279 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -265,6 +265,7 @@
   mediametrics
   mediaserver
   mediaswcodec
+  netd
   sdcardd
   statsd
   surfaceflinger
diff --git a/public/property.te b/public/property.te
index d417628..29d1718 100644
--- a/public/property.te
+++ b/public/property.te
@@ -17,6 +17,7 @@
 system_internal_prop(last_boot_reason_prop)
 system_internal_prop(netd_stable_secret_prop)
 system_internal_prop(pm_prop)
+system_internal_prop(userspace_reboot_prop)
 
 compatible_property_only(`
     # DO NOT ADD ANY PROPERTIES HERE
@@ -62,6 +63,7 @@
 system_restricted_prop(nnapi_ext_deny_product_prop)
 system_restricted_prop(restorecon_prop)
 system_restricted_prop(system_boot_reason_prop)
+system_restricted_prop(userspace_reboot_exported_prop)
 
 compatible_property_only(`
     # DO NOT ADD ANY PROPERTIES HERE
@@ -130,6 +132,7 @@
 system_public_prop(log_tag_prop)
 system_public_prop(lowpan_prop)
 system_public_prop(nfc_prop)
+system_public_prop(ota_prop)
 system_public_prop(powerctl_prop)
 system_public_prop(radio_prop)
 system_public_prop(serialno_prop)
@@ -287,6 +290,7 @@
 typeattribute logd_prop          core_property_type;
 typeattribute net_radio_prop     core_property_type;
 typeattribute nfc_prop           core_property_type;
+typeattribute ota_prop           core_property_type;
 typeattribute pan_result_prop    core_property_type;
 typeattribute persist_debug_prop core_property_type;
 typeattribute powerctl_prop      core_property_type;
@@ -313,6 +317,7 @@
   -logd_prop
   -net_radio_prop
   -nfc_prop
+  -ota_prop
   -pan_result_prop
   -persist_debug_prop
   -powerctl_prop
@@ -625,6 +630,7 @@
     -net_radio_prop
     -netd_stable_secret_prop
     -nfc_prop
+    -ota_prop
     -overlay_prop
     -pan_result_prop
     -persist_debug_prop
diff --git a/public/property_contexts b/public/property_contexts
index 7a2badd..2951d33 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -11,11 +11,13 @@
 camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
 dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
 dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
@@ -33,6 +35,7 @@
 dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
 dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
@@ -61,6 +64,8 @@
 dalvik.vm.method-trace-file u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
 dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilebootclasspath u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
@@ -266,6 +271,7 @@
 ro.secure u:object_r:exported_secure_prop:s0 exact int
 service.bootanim.exit u:object_r:exported_system_prop:s0 exact int
 sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int
+sys.init.userspace_reboot.in_progress u:object_r:userspace_reboot_exported_prop:s0 exact bool
 sys.use_memfd u:object_r:use_memfd_prop:s0 exact bool
 vold.decrypt u:object_r:exported_vold_prop:s0 exact string
 
diff --git a/public/radio.te b/public/radio.te
index 4527707..34eaf83 100644
--- a/public/radio.te
+++ b/public/radio.te
@@ -35,6 +35,7 @@
 allow radio app_api_service:service_manager find;
 allow radio system_api_service:service_manager find;
 allow radio timedetector_service:service_manager find;
+allow radio timezonedetector_service:service_manager find;
 
 # Perform HwBinder IPC.
 hwbinder_use(radio)
diff --git a/public/service.te b/public/service.te
index aace214..c025530 100644
--- a/public/service.te
+++ b/public/service.te
@@ -45,10 +45,12 @@
 type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type app_binding_service, system_server_service, service_manager_type;
 type app_prediction_service, app_api_service, system_server_service, service_manager_type;
+type app_search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type appops_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type appwidget_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type assetatlas_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type audio_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type auth_service, app_api_service, system_server_service, service_manager_type;
 type autofill_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type backup_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type batterystats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
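Review bot: `app_search_service` is declared with `ephemeral_app_api_service`, which makes the new service findable by instant apps from its first appearance. `auth_service`, added in the same hunk, gets only `app_api_service`. Nothing on this page shows that instant apps need app search, so I would start with the narrower declaration and widen it when a caller requires it: `type app_search_service, app_api_service, system_server_service, service_manager_type;`. If the exposure is intentional, a short comment next to the type saying so would save the next reviewer the same question.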
@@ -167,6 +169,7 @@
 type thermal_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type timedetector_service, system_server_service, service_manager_type;
 type timezone_service, system_server_service, service_manager_type;
+type timezonedetector_service, system_server_service, service_manager_type;
 type trust_service, app_api_service, system_server_service, service_manager_type;
 type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
diff --git a/public/update_engine.te b/public/update_engine.te
index 5410bde..8aafe34 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -58,6 +58,9 @@
 # Allow to start gsid service.
 set_prop(update_engine, ctl_gsid_prop)
 
+# Allow to set the OTA related properties, e.g. ota.warm_reset.
+set_prop(update_engine, ota_prop)
+
 # update_engine tries to determine the parent path for all devices (e.g.
 # /dev/block/by-name) by reading the default fstab and looking for the misc
 # device. ReadDefaultFstab() checks whether a GSI is running by checking
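Review bot: Nothing visible in this commit limits which domains may set `ota_prop`, whereas the userspace reboot properties added alongside it get `neverallow { domain -init } ... set` rules in private/init.te. Write access is granted here, in public/update_verifier.te and in public/vold.te. If those are meant to be the complete set of writers, a rule such as `neverallow { domain -init -update_engine -update_verifier -vold } ota_prop:property_service set;` would record that and stop later additions going unnoticed. The type is declared with `system_public_prop`, so vendor writers may be intended, and the exclusion list would need adjusting in that case. `set_prop(vold, ota_prop)` in vold.te is also the only one of the three grants without a comment; something like `# Allow vold to set/clear the OTA warm reset flag.` would match the other two, if that is indeed why vold needs it.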
diff --git a/public/update_verifier.te b/public/update_verifier.te
index 8d40cdd..f881aeb 100644
--- a/public/update_verifier.te
+++ b/public/update_verifier.te
@@ -27,6 +27,9 @@
 # Allow update_verifier to reboot the device.
 set_prop(update_verifier, powerctl_prop)
 
+# Allow to set the OTA related properties e.g. ota.warm_reset.
+set_prop(update_verifier, ota_prop)
+
 # Use Boot Control HAL
 hal_client_domain(update_verifier, hal_bootctl)
 
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 21a9222..1af56fe 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -220,6 +220,8 @@
       -nnapi_ext_deny_product_prop
       -init_svc_debug_prop
       -linker_prop
+      -userspace_reboot_exported_prop
+      -userspace_reboot_prop
     })
 ')
 
@@ -258,6 +260,8 @@
 get_prop(vendor_init, exported3_system_prop)
 get_prop(vendor_init, theme_prop)
 
+get_prop(vendor_init, ota_prop)
+
 ###
 ### neverallow rules
 ###
diff --git a/public/vold.te b/public/vold.te
index 59560be..9f4489d 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -176,6 +176,7 @@
 set_prop(vold, powerctl_prop)
 set_prop(vold, ctl_fuse_prop)
 set_prop(vold, restorecon_prop)
+set_prop(vold, ota_prop)
 
 # ASEC
 allow vold asec_image_file:file create_file_perms;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 07aaf5b..d05e47f 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -6,7 +6,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@1\.0-service  u:object_r:hal_audiocontrol_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can@1\.0-service  u:object_r:hal_can_socketcan_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs@1\.[0-9]-service  u:object_r:hal_evs_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-service  u:object_r:hal_vehicle_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-(service|protocan-service)  u:object_r:hal_vehicle_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service      u:object_r:hal_bluetooth_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.0-service\.btlinux    u:object_r:hal_bluetooth_btlinux_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
@@ -39,6 +39,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.ir@1\.0-service             u:object_r:hal_ir_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service      u:object_r:hal_keymaster_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service      u:object_r:hal_keymaster_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.1-service      u:object_r:hal_keymaster_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service          u:object_r:hal_light_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service-lazy     u:object_r:hal_light_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.lowpan@1\.0-service         u:object_r:hal_lowpan_default_exec:s0
diff --git a/vendor/hal_vehicle_default.te b/vendor/hal_vehicle_default.te
index e605ecb..dcb03a8 100644
--- a/vendor/hal_vehicle_default.te
+++ b/vendor/hal_vehicle_default.te
@@ -5,3 +5,8 @@
 # may be started by init
 type hal_vehicle_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_vehicle_default)
+
+# communication with CAN bus HAL
+allow hal_vehicle_default hal_can_bus_hwservice:hwservice_manager find;
+allow hal_vehicle_default hal_can_socketcan:binder { call transfer };
+allow hal_can_socketcan hal_vehicle_default:binder { call transfer };
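Review bot: The two raw `binder { call transfer }` rules spell out by hand what the `binder_call` macro provides, and the second one grants permissions to `hal_can_socketcan` from inside hal_vehicle_default.te, where nobody auditing the CAN HAL domain will look for it. Using `binder_call(hal_vehicle_default, hal_can_socketcan)` and, if the callback direction is really needed, `binder_call(hal_can_socketcan, hal_vehicle_default)` keeps this consistent with the rest of the policy. The macro also carries the `fd use` permission that the raw rules omit. The rules name the default socketcan implementation rather than a HAL attribute, so a device with a different CAN bus implementation would not be covered. A comment stating that this is specific to the protocan service labelled in vendor/file_contexts would make the scope clear.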