Merge "remove nightly and add maintenance ota path" into mm6.0
diff --git a/config/common.mk b/config/common.mk
index bf7f2fd..008f191 100644
--- a/config/common.mk
+++ b/config/common.mk
@@ -53,7 +53,8 @@
ro.com.android.dataroaming=false
PRODUCT_PROPERTY_OVERRIDES += \
- ro.build.selinux=1
+ ro.build.selinux=1 \
+ persist.sys.root_access=3
ifneq ($(TARGET_BUILD_VARIANT),user)
# Thank you, please drive thru!
diff --git a/sepolicy/app.te b/sepolicy/app.te
index 761eb5f..e590efe 100644
--- a/sepolicy/app.te
+++ b/sepolicy/app.te
@@ -1,3 +1,8 @@
+# Access OBBs (sdcard_posix) mounted by vold
+# File write access allowed for FDs returned through Storage Access Framework
+allow appdomain sdcard_posix:dir r_dir_perms;
+allow appdomain sdcard_posix:file rw_file_perms;
+
# Themed resources (i.e. composed icons)
allow appdomain theme_data_file:dir r_dir_perms;
allow appdomain theme_data_file:file r_file_perms;
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
new file mode 100644
index 0000000..db8647d
--- /dev/null
+++ b/sepolicy/platform_app.te
@@ -0,0 +1,4 @@
+# Direct access to vold-mounted storage under /mnt/media_rw
+# This is a performance optimization that allows platform apps to bypass the FUSE layer
+allow platform_app sdcard_posix:dir create_dir_perms;
+allow platform_app sdcard_posix:file create_file_perms;