b9a1d97191
* SE policies are imported and modified from https://github.com/sonyxperiadev/device-sony-sepolicy. Modifications are needed because qcom legacy policy contains conflicting labels and rules. Change-Id: Id04a824dea69976f6fc9d48bef77859cc82971ed
26 lines
1.0 KiB
Plaintext
26 lines
1.0 KiB
Plaintext
# Policy for the TimeKeep Java app. It listens to a BootReceiver
|
|
# or TIME_SET event and calculates the offset between the rtc clock
|
|
# in /sys/class/rtc0/since_epoch and the current device time and stores that
|
|
# value in /data/vendor/time/ats_2 and as persist.vendor.timeadjust.
|
|
type timekeep_app, domain;
|
|
|
|
app_domain(timekeep_app)
|
|
|
|
# Needed to get access to /data/data/com.sony.timekeep
|
|
# Only getattr and search are requested since TimeKeep does not write to its own directory
|
|
# /data/data/com.sony.timekeep only has two empty subdirs
|
|
dontaudit timekeep_app app_data_file:dir { getattr search };
|
|
|
|
allow timekeep_app activity_service:service_manager find;
|
|
|
|
# Read from /data/vendor/time/ats_2
|
|
allow timekeep_app time_data_file:dir create_dir_perms;
|
|
allow timekeep_app time_data_file:file create_file_perms;
|
|
|
|
# Read /sys/class/rtc/rtc0/since_epoch
|
|
allow timekeep_app sysfs_rtc:dir { search };
|
|
allow timekeep_app sysfs_rtc:{ file lnk_file } r_file_perms;
|
|
|
|
# Set the persist.vendor.timeadjust property
|
|
set_prop(timekeep_app, vendor_timekeep_prop)
|