authorSteve Kondik <steve@cyngn.com>2015-09-06 13:53:29 -0700
committerSteve Kondik <shade@chemlab.org>2015-09-09 11:53:23 -0700
commita385501738e6867e5329e52fef7d83208aa10d24 (patch)
tree1b8bdf9e4106cdc38b96309f9d60d223a4d480fe /sepolicy
parent1fd23a931010f93f045307fec88f7e21272e64a7 (diff)
cm: SELinux policy for persistent properties API
* Set up persistent properties for devices with a /persist partition. Change-Id: I78974dd4e25831338462c91fc25e36e343795510
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/file.te3
-rw-r--r--sepolicy/file_contexts3
-rw-r--r--sepolicy/system_server.te4
3 files changed, 10 insertions, 0 deletions
diff --git a/sepolicy/file.te b/sepolicy/file.te
index d44a050..91b89a3 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -11,3 +11,6 @@ type sysfs_devices_system_iosched, file_type, sysfs_type;
# Recovery's "cache"
type recovery_cache_file, file_type, mlstrustedobject;
+
+# Persistent property storage
+type persist_property_file, file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 4f82c38..4c6baec 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -34,3 +34,6 @@
# Lockscreen wallpaper
/data/system/users/[0-9]+/keyguard_wallpaper u:object_r:wallpaper_file:s0
+
+# Persistent properties
+/persist/properties u:object_r:persist_property_file:s0
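Review bot: The new `/persist/properties` entry matches only that exact path, so anything created beneath it gets `persist_property_file` only by inheriting the parent directory's label at creation time. The system_server.te rules in this commit grant both dir and file permissions on the type, which suggests the path is a directory. If so, a recursive restorecon of /persist would relabel its children to whatever broader /persist pattern the device policy defines, and system_server could then lose access to them. Anchoring the subtree explicitly avoids that: `/persist/properties(/.*)?    u:object_r:persist_property_file:s0`.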
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 4728a44..b6a65ee 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1,2 +1,6 @@
allow system_server recovery_cache_file:dir rw_dir_perms;
allow system_server recovery_cache_file:file create_file_perms;
+
+# Persistent properties
+allow system_server persist_property_file:dir rw_dir_perms;
+allow system_server persist_property_file:file { create_file_perms unlink };
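Review bot: `unlink` in `{ create_file_perms unlink }` looks redundant, because the AOSP `create_file_perms` macro already includes unlink (worth confirming against the global_macros of the tree this builds on). `allow system_server persist_property_file:file create_file_perms;` would grant the same set and match the recovery_cache_file rule above it. Separately, `rw_dir_perms` lets system_server add and remove entries but not create the directory, so /persist/properties presumably has to be created and labelled outside this sepolicy-limited view. A comment would make that dependency visible, e.g. `# /persist/properties must already exist with this label; system_server only manages entries in it`. Since /persist typically survives a factory reset, the comment could also say what kind of values are expected to be stored there.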