From d22efb80e1bd1aea3710041fd6cd9b0dfd808149 Mon Sep 17 00:00:00 2001
From: Ricardo Cerqueira
Date: Thu, 27 Nov 2014 22:54:43 +0000
Subject: [PATCH] selinux: Fix healthd's access to /dev nodes
Our healthd's support for power-on alarms adds some steps that imply reading files its user doesn't own. Let it.
Change-Id: I3d4735aaab8fbec7acc460f812bc21f1dfa516ab
---
sepolicy/healthd.te | 1 +
sepolicy/sepolicy.mk | 1 +
2 files changed, 2 insertions(+)
create mode 100644 sepolicy/healthd.te
diff --git a/sepolicy/healthd.te b/sepolicy/healthd.te
new file mode 100644
index 00000000..4711cf5c
--- /dev/null
+++ b/sepolicy/healthd.te
@@ -0,0 +1 @@
+allow healthd self:capability { dac_override dac_read_search };
diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
index 309d13cb..9998bf4e 100644
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@@ -13,6 +13,7 @@ BOARD_SEPOLICY_UNION += \
 seapp_contexts \
 service_contexts \
 auditd.te \
+ healthd.te \
 installd.te \
 netd.te \
 su.te \
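Review bot: The new rule in sepolicy/healthd.te grants `dac_override` as well as `dac_read_search`, which is broader than the commit message's stated need of reading files healthd's user does not own: `dac_override` also bypasses write and execute permission checks on any file the domain's type rules let it reach. If read access is all that is required, `allow healthd self:capability dac_read_search;` is the narrower rule, and setting the ownership or mode of the specific nodes at boot would avoid the capability altogether. On kernels that probe CAP_DAC_OVERRIDE before CAP_DAC_READ_SEARCH the `dac_override` denial may be audit noise only, in which case a `dontaudit` for it is preferable to an allow; this needs confirming on the target kernel. The file also carries no comment naming the nodes involved, for example `# power-on alarm support: healthd reads <node path> owned by another uid`.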