Add policy for persist time folder

Persist time foler is to save data of time_daemon. Add policy to
make time_daemon have access to persist time folder.

CRs-Fixed: 1050321
Change-Id: I9ddd96bf9882fc73dc83b62af24b74670eb36792

3 files changed, 6 insertions, 0 deletions

diff --git a/common/file.te b/common/file.te
index 47ec84f4..29d6a721 100644
--- a/common/file.te
+++ b/common/file.te
@@ -201,3 +201,5 @@ type dynamic_nv_data_file, file_type, data_file_type;
 type wififtmd_socket, file_type;
 
 type persist_alarm_file, file_type;
+
+type persist_time_file, file_type;
diff --git a/common/file_contexts b/common/file_contexts
index f2fc4b62..bc45e218 100644
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -345,6 +345,7 @@
 /persist/drm(/.*)?                                                  u:object_r:persist_drm_file:s0
 /persist/sensors(/.*)?                                              u:object_r:sensors_persist_file:s0
 /persist/alarm(/.*)?                                                u:object_r:persist_alarm_file:s0
+/persist/time(/.*)?                                                 u:object_r:persist_time_file:s0
 /persist/data(/.*)?                                                 u:object_r:persist_drm_file:s0
 /persist/data/tz(/.*)?                                              u:object_r:persist_drm_file:s0
 /persist/data/sfs(/.*)?                                             u:object_r:persist_drm_file:s0
diff --git a/common/time_daemon.te b/common/time_daemon.te
index 5f64ec5f..89e74eb1 100644
--- a/common/time_daemon.te
+++ b/common/time_daemon.te
@@ -16,4 +16,7 @@ allow time_daemon time_data_file:dir w_dir_perms;
 allow time_daemon self:socket create_socket_perms;
 allow time_daemon self:capability { setuid setgid sys_time };
 
+allow time_daemon persist_time_file:file create_file_perms;
+allow time_daemon persist_time_file:dir w_dir_perms;
+
 r_dir_file(time_daemon, sysfs_esoc);