From cbc36489a60bddbee9857aaddb027290e4b22ef8 Mon Sep 17 00:00:00 2001
From: Steve Kondik <shade@chemlab.org>
Date: Thu, 12 Jun 2014 02:22:11 -0700
Subject: sepolicy: Fix a few denials when using backup service

Change-Id: Ia5c307a126d42f1dd5952f809f8b4ca1c686a33c
---
 system.te | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/system.te b/system.te
index 432ae36..18e0a7b 100644
--- a/system.te
+++ b/system.te
@@ -13,10 +13,18 @@ type_transition system wifi_data_file:sock_file system_wpa_socket;
 allow system self:zygote { specifyids specifyrlimits specifyseinfo };
 
 allow system backup_data_file:dir relabelto;
-allow system cache_backup_file:dir relabelto;
 allow system apk_data_file:file relabelto;
 allow system apk_tmp_file:file relabelto;
 allow system apk_private_tmp_file:file relabelto;
 
 # Access to wake locks
 allow system sysfs_wake_lock:file rw_file_perms;
+
+# BackupManagerService lets PMS create a data backup file
+allow system cache_backup_file:file create_file_perms;
+# Relabel /data/backup
+allow system backup_data_file:dir { relabelto relabelfrom };
+# Relabel /cache/.*\.{data|restore}
+allow system cache_backup_file:file { relabelto relabelfrom };
+# LocalTransport creates and relabels /cache/backup
+allow system cache_backup_file:dir { relabelto relabelfrom create_dir_perms };
-- 
cgit v1.2.3