The file descriptors for /dev/zero are no longer open. However,
a descriptor to the shell is still inherited. Update the comment.
Bug: 126787589
Test: m
Test: manual
Change-Id: I0d4518d2ba771622ea969bbf02827db45788bc09
Allow everyone to look for keys in the fsverity keyring. This is
required to access fsverity-protected files, at all.
This set of permissions is analogous to allowances for the fscrypt
keyring and keys.
Bug: 125474642
Test: m
Test: manual
Change-Id: I6e8c13272cdd76d9940d950e9dabecdb210691b1
Add art_apex_postinstall domain that is allowed to move
precreated AoT artifacts from /data/ota.
Bug: 125474642
Test: m
Change-Id: Id674e202737155a4ee31187f096d1dd655001fdd