selinux: Fix healthd's access to /dev nodes

Our healthd's support for power-on alarms adds some steps that imply reading files its user doesn't own. Let it. Change-Id: I3d4735aaab8fbec7acc460f812bc21f1dfa516ab
2014-11-27 22:54:43 +00:00 · 2014-11-27 22:54:43 +00:00 · d22efb80e1
commit d22efb80e1
parent 58f88184d5
2 changed files with 2 additions and 0 deletions
--- a/sepolicy/healthd.te
+++ b/sepolicy/healthd.te
@ -0,0 +1 @@
+allow healthd self:capability { dac_override dac_read_search };
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@ -13,6 +13,7 @@ BOARD_SEPOLICY_UNION += \
    seapp_contexts \
    service_contexts \
    auditd.te \
+    healthd.te \
    installd.te \
    netd.te \
    su.te \
				`@ -0,0 +1 @@`
				`allow healthd self:capability { dac_override dac_read_search };`