diff options
| author | rogersb11 <brettrogers11@gmail.com> | 2015-11-12 04:06:26 -0500 |
|---|---|---|
| committer | rogersb11 <brettrogers11@gmail.com> | 2015-11-12 04:11:14 -0500 |
| commit | c3d43d2b47748f5e0278f01371398ed3e65ccdab (patch) | |
| tree | 38dc7355856a56cc385184b74d79c10b14176e56 /selinux/time_daemon.te | |
| parent | 01fd7d495b2b9a5a0f107fe46cff7be78adf66c2 (diff) | |
| download | device_samsung_t0lte-c3d43d2b47748f5e0278f01371398ed3e65ccdab.tar.gz device_samsung_t0lte-c3d43d2b47748f5e0278f01371398ed3e65ccdab.tar.bz2 device_samsung_t0lte-c3d43d2b47748f5e0278f01371398ed3e65ccdab.zip | |
Revert "Remove device specific SEPolicy"
Will follow with policy updates
This reverts commit 8e368fa918f244e214ee8bd53ce332ce6ad74663.
Change-Id: I58247300df68442709b44623e29b1bee0c6d5496
Diffstat (limited to 'selinux/time_daemon.te')
| -rw-r--r-- | selinux/time_daemon.te | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/selinux/time_daemon.te b/selinux/time_daemon.te new file mode 100644 index 0000000..5793197 --- /dev/null +++ b/selinux/time_daemon.te @@ -0,0 +1,21 @@ +# Policies for time daemon +type time_daemon, domain; +type time_daemon_exec, exec_type, file_type; +type time_data_file, file_type, data_file_type; + +# Make transition to its own time_daemon domain from init +init_daemon_domain(time_daemon) +allow time_daemon smem_log_device:chr_file rw_file_perms; + +# Add rules for access permissions +#============= IOCTL operations ============== +allow time_daemon rtc_device:chr_file { open read ioctl }; +allow time_daemon alarm_device:chr_file { open read write ioctl }; + +#============= File read/write ============== +allow time_daemon time_data_file:file { write create open read}; +allow time_daemon time_data_file:dir { write add_name search}; +allow time_daemon self:socket { write read create ioctl}; +allow time_daemon self:capability { setuid setgid }; + +r_dir_file(time_daemon, sysfs_esoc); |