diff options
author | Ricardo Cerqueira <ricardo@cyngn.com> | 2014-11-27 22:54:43 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@cyanogenmod.org> | 2014-11-27 22:57:21 +0000 |
commit | d22efb80e1bd1aea3710041fd6cd9b0dfd808149 (patch) | |
tree | 9701d0a526234c821f0ffc1b6da310d8a1bfb4c1 /sepolicy | |
parent | 58f88184d585c70b6c12599215e2a618663487ca (diff) | |
download | vendor_replicant-d22efb80e1bd1aea3710041fd6cd9b0dfd808149.zip vendor_replicant-d22efb80e1bd1aea3710041fd6cd9b0dfd808149.tar.gz vendor_replicant-d22efb80e1bd1aea3710041fd6cd9b0dfd808149.tar.bz2 |
selinux: Fix healthd's access to /dev nodes
Our healthd's support for power-on alarms adds some steps that imply
reading files its user doesn't own. Let it.
Change-Id: I3d4735aaab8fbec7acc460f812bc21f1dfa516ab
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/healthd.te | 1 | ||||
-rw-r--r-- | sepolicy/sepolicy.mk | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/sepolicy/healthd.te b/sepolicy/healthd.te new file mode 100644 index 0000000..4711cf5 --- /dev/null +++ b/sepolicy/healthd.te @@ -0,0 +1 @@ +allow healthd self:capability { dac_override dac_read_search }; diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk index 309d13c..9998bf4 100644 --- a/sepolicy/sepolicy.mk +++ b/sepolicy/sepolicy.mk @@ -13,6 +13,7 @@ BOARD_SEPOLICY_UNION += \ seapp_contexts \ service_contexts \ auditd.te \ + healthd.te \ installd.te \ netd.te \ su.te \ |