| author | Bruno Martins <bgcngm@gmail.com> | 2017-06-29 08:47:55 +0000 |
|---|---|---|
| committer | Subhrajyoti Sen <subhrajyoti12@gmail.com> | 2017-11-07 15:31:18 +0000 |
| commit | 03d8969e1b35606fabb81e6eaec6172785246b69 (patch) | |
| tree | ba178c50a80de7eabbe3b4f978c95f7afe4ec3f6 | |
| parent | b82aef0bcee4636377abdd15c32d0a4b76178c30 (diff) | |
onyx: Grant rmt_storage proper unix perms

Do not grant DAC override permission which would allow this daemon
unix permissions to everything.

avc: denied { dac_override } for pid=2664 comm="rmt_storage" capability=1 scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=capability permissive=0

Add wakelock group to access:
/sys/power/wake_lock
-rw-rw---- 1 radio wakelock 4096 2017-06-28 00:37 wake_unlock

Change-Id: Ib02b4aedab479f5ad8aca3a2100b5c489397002a
| -rw-r--r-- | rootdir/etc/init.qcom.rc | 1 | ||||
| -rw-r--r-- | sepolicy/rmt_storage.te | 1 |
2 files changed, 1 insertions, 1 deletions
diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc index 36e272d..1bca160 100644 --- a/rootdir/etc/init.qcom.rc +++ b/rootdir/etc/init.qcom.rc @@ -399,6 +399,7 @@ on property:hw.fm.init=0 service rmt_storage /system/bin/rmt_storage class core user root + group system wakelock service rfs_access /system/bin/rfs_access class core diff --git a/sepolicy/rmt_storage.te b/sepolicy/rmt_storage.te index 9c0bfc6..b091b80 100644 --- a/sepolicy/rmt_storage.te +++ b/sepolicy/rmt_storage.te @@ -1,4 +1,3 @@ # Allow rmt_storage to backup/restore NV contents allow rmt_storage nvbackup_block_device:blk_file rw_file_perms; allow rmt_storage ssd_device:blk_file rw_file_perms; -allow rmt_storage self:capability dac_override; |
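Review bot: In the init.qcom.rc hunk, the added `group system wakelock` line is only half explained. The commit message justifies `wakelock` with the `radio wakelock` 0660 listing for the wake lock nodes, but nothing says which path needs gid `system`. Please name the file or device that requires it in the commit message, or drop `system` if the daemon works without it. The service also keeps `user root` directly above the new line. Once `dac_override` is gone, these supplementary groups are what decide access to group-owned nodes, so each one should be accounted for.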
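Review bot: In the sepolicy/rmt_storage.te hunk, dropping `allow rmt_storage self:capability dac_override;` is only backed by one capability denial in the commit message, and a capability denial carries no path. The only access the message accounts for is `/sys/power/wake_lock`. The remaining rules in this file grant `rw_file_perms` on `nvbackup_block_device` and `ssd_device`, and the patch does not show who owns those nodes. Please state in the commit message that no `dac_override` denial from `rmt_storage` recurs with the new groups in place, including during an NV backup/restore. That way a later change is less likely to add the rule back or hide the denial with a `dontaudit`.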
