diff options
author | Mao Jinlong <c_jmao@codeaurora.org> | 2016-08-15 15:07:23 +0800 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2016-08-30 07:00:28 -0700 |
commit | 7db678baa68d9a8869c960d5d847f7feadef3a01 (patch) | |
tree | fbb4eff24406bdbb2d3869f46da16e26d6f9162b | |
parent | 21fbf4af6061a34690ff82d48f8645eac570d679 (diff) | |
download | android_device_qcom_sepolicy-7db678baa68d9a8869c960d5d847f7feadef3a01.tar.gz android_device_qcom_sepolicy-7db678baa68d9a8869c960d5d847f7feadef3a01.tar.bz2 android_device_qcom_sepolicy-7db678baa68d9a8869c960d5d847f7feadef3a01.zip |
Add policy for persist time folder
Persist time foler is to save data of time_daemon. Add policy to
make time_daemon have access to persist time folder.
CRs-Fixed: 1050321
Change-Id: I9ddd96bf9882fc73dc83b62af24b74670eb36792
-rw-r--r-- | common/file.te | 2 | ||||
-rw-r--r-- | common/file_contexts | 1 | ||||
-rw-r--r-- | common/time_daemon.te | 3 |
3 files changed, 6 insertions, 0 deletions
diff --git a/common/file.te b/common/file.te index 47ec84f4..29d6a721 100644 --- a/common/file.te +++ b/common/file.te @@ -201,3 +201,5 @@ type dynamic_nv_data_file, file_type, data_file_type; type wififtmd_socket, file_type; type persist_alarm_file, file_type; + +type persist_time_file, file_type; diff --git a/common/file_contexts b/common/file_contexts index f2fc4b62..bc45e218 100644 --- a/common/file_contexts +++ b/common/file_contexts @@ -345,6 +345,7 @@ /persist/drm(/.*)? u:object_r:persist_drm_file:s0 /persist/sensors(/.*)? u:object_r:sensors_persist_file:s0 /persist/alarm(/.*)? u:object_r:persist_alarm_file:s0 +/persist/time(/.*)? u:object_r:persist_time_file:s0 /persist/data(/.*)? u:object_r:persist_drm_file:s0 /persist/data/tz(/.*)? u:object_r:persist_drm_file:s0 /persist/data/sfs(/.*)? u:object_r:persist_drm_file:s0 diff --git a/common/time_daemon.te b/common/time_daemon.te index 5f64ec5f..89e74eb1 100644 --- a/common/time_daemon.te +++ b/common/time_daemon.te @@ -16,4 +16,7 @@ allow time_daemon time_data_file:dir w_dir_perms; allow time_daemon self:socket create_socket_perms; allow time_daemon self:capability { setuid setgid sys_time }; +allow time_daemon persist_time_file:file create_file_perms; +allow time_daemon persist_time_file:dir w_dir_perms; + r_dir_file(time_daemon, sysfs_esoc); |