16 lines
458 B
Plaintext
16 lines
458 B
Plaintext
type timekeep, domain;
|
|
type timekeep_exec, exec_type, vendor_file_type, file_type;
|
|
|
|
init_daemon_domain(timekeep)
|
|
|
|
# Grant permission to set system time and to set the real-time lock
|
|
allow timekeep self:capability { fowner sys_time };
|
|
|
|
allow timekeep time_data_file:file create_file_perms;
|
|
allow timekeep time_data_file:dir create_dir_perms;
|
|
|
|
allow timekeep sysfs_rtc:dir search;
|
|
allow timekeep sysfs_rtc:file r_file_perms;
|
|
|
|
set_prop(timekeep, timekeep_prop)
|