sepolicy: Add policies for time_daemon

Adds context for rtc device and rules for time_daemon.

Change-Id: Ia7c68912f1327859d5f56db22543b4761535e81a
diff --git a/Android.mk b/Android.mk
index ee6a87d..6206979 100644
--- a/Android.mk
+++ b/Android.mk
@@ -43,7 +43,8 @@
        mpdecision.te \
        mm-qcamerad.te \
        domain.te \
-       init_shell.te
+       init_shell.te \
+       time_daemon.te
 
 # Compile sensor pilicy only for SSC targets
 SSC_TARGET_LIST := apq8084
diff --git a/common/file_contexts b/common/file_contexts
index adaebd0..9beb9e8 100755
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -64,6 +64,7 @@
 /system/bin/thermal-engine                      u:object_r:thermal-engine_exec:s0
 /system/bin/mm-qcamera-daemon                   u:object_r:mm-qcamerad_exec:s0
 /system/rfs.*                                   u:object_r:rfs_system_file:s0
+/system/bin/time_daemon                         u:object_r:time_daemon_exec:s0
 
 ###################################
 # sysfs files
@@ -99,6 +100,7 @@
 /data/rfs.*                                                         u:object_r:rfs_data_file:s0
 /data/camera(/.*)?                                                  u:object_r:camera_socket:s0
 /data/system/sensors(/.*)?                                          u:object_r:sensors_data_file:s0
+/data/time/*                                                        u:object_r:time_data_file:s0
 
 ###################################
 # persist files
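Review bot: The added `/data/time/*` entry is read as a regular expression, not a shell glob, so the trailing `/*` means "zero or more slashes". The pattern therefore matches only `/data/time` itself and not the files beneath it. The neighbouring entries in this hunk use the `(/.*)?` form, and this line should follow them: `/data/time(/.*)?    u:object_r:time_data_file:s0`. As written, a relabel of /data would presumably give the daemon's files whatever type a broader /data rule assigns, and the `time_data_file:file` rules in time_daemon.te would then not cover them.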
diff --git a/common/time_daemon.te b/common/time_daemon.te
new file mode 100644
index 0000000..1a3d415
--- /dev/null
+++ b/common/time_daemon.te
@@ -0,0 +1,18 @@
+# Policies for time daemon
+type time_daemon, domain;
+type time_daemon_exec, exec_type, file_type;
+type time_data_file, file_type, data_file_type;
+
+# Make transition to its own time_daemon domain from init
+init_daemon_domain(time_daemon)
+
+# Add rules for access permissions
+#============= IOCTL operations ==============
+allow time_daemon rtc_device:chr_file { open read ioctl };
+allow time_daemon alarm_device:chr_file { open read write ioctl };
+
+#============= File read/write ==============
+allow time_daemon time_data_file:file { write create open read};
+allow time_daemon time_data_file:dir { write add_name search};
+allow time_daemon self:socket { write read create ioctl};
+allow time_daemon self:capability { setuid setgid };
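Review bot: The last two rules, `allow time_daemon self:socket { write read create ioctl};` and `allow time_daemon self:capability { setuid setgid };`, sit under the "File read/write" banner and have no stated rationale. The generic `socket` class is the fallback for address families that have no dedicated class, so a reader cannot tell from the policy which family the daemon actually opens. `setuid`/`setgid` are sensitive enough that the reason should be recorded, presumably a privilege drop after start-up, though the patch does not say so. I would move both under their own banner, e.g. `#============= Sockets and capabilities ==============`. Each rule should then get a one-line comment, one naming the socket family and one saying when the daemon changes uid/gid.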