sepolicy: address some denials.

Closes #42
author: Álvaro Brey <alvaro.brv@gmail.com> 2017-03-13 21:43:02 +0100
committer: davidevinavil <davidevinavil@gmail.com> 2017-04-07 13:31:28 +0200
commit: 85b0f69ad2714c1d94e6142eb5505d73dc8c569a (patch)
tree: 712086899db36130f5336b1eb1518528a6bfe26e /sepolicy
parent: 4947558029cb6c3743aec9f9de93b58124838f55 (diff)
3 files changed, 5 insertions, 0 deletions
diff --git a/sepolicy/log.te b/sepolicy/log.te
index 2e9f1eb..6a1fe9f 100644
--- a/sepolicy/log.te
+++ b/sepolicy/log.te
@@ -1 +1,3 @@
 allow logd unlabeled:dir search;
+allow logd self:capability { dac_override dac_read_search };
+
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index fcc0fce..0cbb3e8 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -4,4 +4,6 @@ allow system_server proc_touchpanel:file rw_file_perms;
 allow system_server sensors_persist_file:file r_file_perms;
 allow system_server sensors_persist_file:dir search;
 allow system_server proc_stat:file r_file_perms;
+allow system_server unlabeled:file unlink;
 get_prop(system_server, diag_prop);
+
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
index 32f3157..cb230af 100644
--- a/sepolicy/zygote.te
+++ b/sepolicy/zygote.te
@@ -1,2 +1,3 @@
 allow zygote input_device:dir r_dir_perms;
 allow zygote input_device:chr_file rw_file_perms;
+allow zygote self:capability sys_nice;
author	Álvaro Brey <alvaro.brv@gmail.com>	2017-03-13 21:43:02 +0100
committer	davidevinavil <davidevinavil@gmail.com>	2017-04-07 13:31:28 +0200
commit	85b0f69ad2714c1d94e6142eb5505d73dc8c569a (patch)
tree	712086899db36130f5336b1eb1518528a6bfe26e /sepolicy
parent	4947558029cb6c3743aec9f9de93b58124838f55 (diff)