diff options
| author | c457 <android.c357@gmail.com> | 2017-02-02 00:52:43 -0600 |
|---|---|---|
| committer | c457 <android.c357@gmail.com> | 2017-02-02 21:33:10 -0600 |
| commit | ca2989c9312d57bf07a51ea5b94af9db82ed504f (patch) | |
| tree | 4527aeded319a6c00d5c684d6ac240d6bd49e2d8 | |
| parent | b085ad474fb885364804aebd242b9a84c54bed49 (diff) | |
sepolicy: Address time_daemon denial
| -rw-r--r-- | sepolicy/property.te | 1 | ||||
| -rw-r--r-- | sepolicy/property_contexts | 1 | ||||
| -rw-r--r-- | sepolicy/time_daemon.te | 1 |
3 files changed, 3 insertions, 0 deletions
diff --git a/sepolicy/property.te b/sepolicy/property.te new file mode 100644 index 0000000..720a23f --- /dev/null +++ b/sepolicy/property.te @@ -0,0 +1 @@ +type bootstat_prop, property_type; diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts new file mode 100644 index 0000000..8d9f383 --- /dev/null +++ b/sepolicy/property_contexts @@ -0,0 +1 @@ +persist.sys.bootstat u:object_r:bootstat_prop:s0 diff --git a/sepolicy/time_daemon.te b/sepolicy/time_daemon.te index f5327ba..18b6749 100644 --- a/sepolicy/time_daemon.te +++ b/sepolicy/time_daemon.te @@ -1,2 +1,3 @@ allow time_daemon property_socket:sock_file write; allow time_daemon init:unix_stream_socket connectto; +set_prop(time_daemon, bootstat_prop) |