From 2b7c98d72b967c22f168ce29734cdef69f1173e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cosme=20Dom=C3=ADnguez=20D=C3=ADaz?= <cosme.ddiaz@gmail.com>
Date: Mon, 8 Oct 2018 21:09:57 +0200
Subject: msm8996-common: sepolicy: Address time_daemon denials

avc: denied { write } for pid=673 comm="time_daemon" name="time" dev="sda10" ino=15159 scontext=u:r:time_daemon:s0 tcontext=u:object_r:time_data_file:s0 tclass=dir permissive=1
avc: denied { write } for pid=673 comm="time_daemon" name="time" dev="sda10" ino=15159 scontext=u:r:time_daemon:s0 tcontext=u:object_r:time_data_file:s0 tclass=dir permissive=1
avc: denied { add_name } for pid=673 comm="time_daemon" name="ats_15" scontext=u:r:time_daemon:s0 tcontext=u:object_r:time_data_file:s0 tclass=dir permissive=1
avc: denied { add_name } for pid=673 comm="time_daemon" name="ats_15" scontext=u:r:time_daemon:s0 tcontext=u:object_r:time_data_file:s0 tclass=dir permissive=1
avc: denied { create } for pid=673 comm="time_daemon" name="ats_15" scontext=u:r:time_daemon:s0 tcontext=u:object_r:time_data_file:s0 tclass=file permissive=1
avc: denied { create } for pid=673 comm="time_daemon" name="ats_15" scontext=u:r:time_daemon:s0 tcontext=u:object_r:time_data_file:s0 tclass=file permissive=1
avc: denied { write } for pid=673 comm="time_daemon" name="time" dev="sda10" ino=15159 scontext=u:r:time_daemon:s0 tcontext=u:object_r:time_data_file:s0 tclass=dir permissive=1
avc: denied { write } for pid=673 comm="time_daemon" name="time" dev="sda10" ino=15159 scontext=u:r:time_daemon:s0 tcontext=u:object_r:time_data_file:s0 tclass=dir permissive=1
avc: denied { add_name } for pid=673 comm="time_daemon" name="ats_2" scontext=u:r:time_daemon:s0 tcontext=u:object_r:time_data_file:s0 tclass=dir permissive=1
avc: denied { add_name } for pid=673 comm="time_daemon" name="ats_2" scontext=u:r:time_daemon:s0 tcontext=u:object_r:time_data_file:s0 tclass=dir permissive=1
avc: denied { create } for pid=673 comm="time_daemon" name="ats_2" scontext=u:r:time_daemon:s0 tcontext=u:object_r:time_data_file:s0 tclass=file permissive=1
avc: denied { create } for pid=673 comm="time_daemon" name="ats_2" scontext=u:r:time_daemon:s0 tcontext=u:object_r:time_data_file:s0 tclass=file permissive=1
---
 sepolicy/time_daemon.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'sepolicy')

diff --git a/sepolicy/time_daemon.te b/sepolicy/time_daemon.te
index 3896a0a..d8a8394 100644
--- a/sepolicy/time_daemon.te
+++ b/sepolicy/time_daemon.te
@@ -1,5 +1,5 @@
 allow time_daemon sysfs_msm_subsys:dir search;
 allow time_daemon sysfs_msm_subsys:file { getattr open read setattr };
 allow time_daemon sysfs_soc:dir search;
-allow time_daemon time_data_file:file { open read write };
-allow time_daemon time_data_file:dir search;
+allow time_daemon time_data_file:file create_file_perms;
+allow time_daemon time_data_file:dir rw_dir_perms;
-- 
cgit v1.2.3