SELinux policy for 'nativeperms'. Bug: 25663983 Change-Id: I5fb5471fefe5bbf1fb23018dc0fa1978c018ec33

commit: 577c356c38f433b63d949e28d5a0bf3faa8555b4 [log] [tgz]
author: Jorge Lucangeli Obes <jorgelo@google.com> Wed Apr 13 11:28:16 2016 -0700
committer: Jorge Lucangeli Obes <jorgelo@google.com> Wed Apr 13 22:46:10 2016 +0000
tree: 37be56d2f8f3d3f9c7e78b97330f272cc1e1c7bb
parent: 995ffbc13ec44cfb2e4f953ecb07145d81b20585 [diff]
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index c135932..e583c69 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts

@@ -50,8 +50,10 @@
 /data/misc/fake-nvram(/.*)? u:object_r:fake-nvram_data_file:s0
 /system/bin/fake-nvram      u:object_r:fake-nvram_exec:s0
 
-/system/bin/nativepowerman u:object_r:nativepowerman_exec:s0
-/sys/power/state           u:object_r:sysfs_power_state:s0
+/system/bin/nativepowerman  u:object_r:nativepowerman_exec:s0
+/sys/power/state            u:object_r:sysfs_power_state:s0
+
+/system/bin/nativeperms     u:object_r:nativeperms_exec:s0
 
 # Defining the contexts for shill.
 /system/bin/shill                              u:object_r:shill_exec:s0

diff --git a/sepolicy/nativeperms.te b/sepolicy/nativeperms.te
new file mode 100644
index 0000000..1e1d0f1
--- /dev/null
+++ b/sepolicy/nativeperms.te

@@ -0,0 +1,10 @@
+# nativeperms.
+type nativeperms, domain;
+type nativeperms_exec, exec_type, file_type;
+
+brillo_domain(nativeperms)
+
+# Allow crash_reporter access to core dump files.
+allow_crash_reporter(nativeperms)
+
+allow nativeperms permission_service:service_manager { add find };
commit	577c356c38f433b63d949e28d5a0bf3faa8555b4	[log] [tgz]
author	Jorge Lucangeli Obes <jorgelo@google.com>	Wed Apr 13 11:28:16 2016 -0700
committer	Jorge Lucangeli Obes <jorgelo@google.com>	Wed Apr 13 22:46:10 2016 +0000
tree	37be56d2f8f3d3f9c7e78b97330f272cc1e1c7bb
parent	995ffbc13ec44cfb2e4f953ecb07145d81b20585 [diff]