cm: SELinux policy for persistent properties API
* Set up persistent properties for devices with a /persist partition.
Change-Id: I78974dd4e25831338462c91fc25e36e343795510
diff --git a/prebuilt/common/etc/init.local.rc b/prebuilt/common/etc/init.local.rc
index 9aca52e..9f1ef0d 100644
--- a/prebuilt/common/etc/init.local.rc
+++ b/prebuilt/common/etc/init.local.rc
@@ -103,6 +103,9 @@
setprop net.tcp.usercfg.wifi 1
setprop net.tcp.usercfg.lte 1
+# Persistent properties (only created if persist exists)
+ mkdir /persist/properties 0770 system system
+
# Configure IO scheduler
on property:sys.io.scheduler=*
write /sys/block/mmcblk0/queue/scheduler ${sys.io.scheduler}
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 4bbe1b5..a07d48a 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -8,3 +8,6 @@
# Recovery's "cache"
type recovery_cache_file, file_type, mlstrustedobject;
+
+# Persistent property storage
+type persist_property_file, file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index aaba766..f474d95 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -25,3 +25,6 @@
#############
# Expansion of these hooks is a bit unconventional
/cache/com.cyanogenmod.keyhandler.dex u:object_r:dalvikcache_data_file:s0
+
+# Persistent properties
+/persist/properties u:object_r:persist_property_file:s0
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 4728a44..b6a65ee 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1,2 +1,6 @@
allow system_server recovery_cache_file:dir rw_dir_perms;
allow system_server recovery_cache_file:file create_file_perms;
+
+# Persistent properties
+allow system_server persist_property_file:dir rw_dir_perms;
+allow system_server persist_property_file:file { create_file_perms unlink };