From 2ff56657dd34d0a797461f5ac5e72988318d98d7 Mon Sep 17 00:00:00 2001 From: LuK1337 Date: Wed, 10 Jan 2018 22:17:01 +0100 Subject: [PATCH] msm8976-common: sepolicy: Sync timekeep rules with SODP --- sepolicy/system_app.te | 2 +- sepolicy/timekeep.te | 10 ++-------- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te index 20f3c1d..7353f3b 100644 --- a/sepolicy/system_app.te +++ b/sepolicy/system_app.te @@ -1,6 +1,6 @@ allow system_app sysfs_mdnie:file rw_file_perms; +# TimeKeep Java service allow system_app time_data_file:dir search; allow system_app time_data_file:file rw_file_perms; - set_prop(system_app, timekeep_prop) diff --git a/sepolicy/timekeep.te b/sepolicy/timekeep.te index 19cbe2d..8191118 100644 --- a/sepolicy/timekeep.te +++ b/sepolicy/timekeep.te @@ -1,16 +1,10 @@ type timekeep, domain; type timekeep_exec, exec_type, vendor_file_type, file_type; -# Started by init init_daemon_domain(timekeep) -allow timekeep self:capability { - fowner - fsetid - sys_time - dac_override - dac_read_search -}; +# Grant permission to set system time and to set the real-time lock +allow timekeep self:capability { fowner sys_time }; allow timekeep time_data_file:file create_file_perms; allow timekeep time_data_file:dir create_dir_perms;