msm8976-common: sepolicy: Sync timekeep rules with SODP
This commit is contained in:
parent
ee0365443e
commit
2ff56657dd
|
@ -1,6 +1,6 @@
|
||||||
allow system_app sysfs_mdnie:file rw_file_perms;
|
allow system_app sysfs_mdnie:file rw_file_perms;
|
||||||
|
|
||||||
|
# TimeKeep Java service
|
||||||
allow system_app time_data_file:dir search;
|
allow system_app time_data_file:dir search;
|
||||||
allow system_app time_data_file:file rw_file_perms;
|
allow system_app time_data_file:file rw_file_perms;
|
||||||
|
|
||||||
set_prop(system_app, timekeep_prop)
|
set_prop(system_app, timekeep_prop)
|
||||||
|
|
|
@ -1,16 +1,10 @@
|
||||||
type timekeep, domain;
|
type timekeep, domain;
|
||||||
type timekeep_exec, exec_type, vendor_file_type, file_type;
|
type timekeep_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
|
||||||
# Started by init
|
|
||||||
init_daemon_domain(timekeep)
|
init_daemon_domain(timekeep)
|
||||||
|
|
||||||
allow timekeep self:capability {
|
# Grant permission to set system time and to set the real-time lock
|
||||||
fowner
|
allow timekeep self:capability { fowner sys_time };
|
||||||
fsetid
|
|
||||||
sys_time
|
|
||||||
dac_override
|
|
||||||
dac_read_search
|
|
||||||
};
|
|
||||||
|
|
||||||
allow timekeep time_data_file:file create_file_perms;
|
allow timekeep time_data_file:file create_file_perms;
|
||||||
allow timekeep time_data_file:dir create_dir_perms;
|
allow timekeep time_data_file:dir create_dir_perms;
|
||||||
|
|
Loading…
Reference in New Issue