SELinux policy for 'nativeperms'.
Bug: 25663983
Change-Id: I5fb5471fefe5bbf1fb23018dc0fa1978c018ec33
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index c135932..e583c69 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -50,8 +50,10 @@
/data/misc/fake-nvram(/.*)? u:object_r:fake-nvram_data_file:s0
/system/bin/fake-nvram u:object_r:fake-nvram_exec:s0
-/system/bin/nativepowerman u:object_r:nativepowerman_exec:s0
-/sys/power/state u:object_r:sysfs_power_state:s0
+/system/bin/nativepowerman u:object_r:nativepowerman_exec:s0
+/sys/power/state u:object_r:sysfs_power_state:s0
+
+/system/bin/nativeperms u:object_r:nativeperms_exec:s0
# Defining the contexts for shill.
/system/bin/shill u:object_r:shill_exec:s0
diff --git a/sepolicy/nativeperms.te b/sepolicy/nativeperms.te
new file mode 100644
index 0000000..1e1d0f1
--- /dev/null
+++ b/sepolicy/nativeperms.te
@@ -0,0 +1,10 @@
+# nativeperms.
+type nativeperms, domain;
+type nativeperms_exec, exec_type, file_type;
+
+brillo_domain(nativeperms)
+
+# Allow crash_reporter access to core dump files.
+allow_crash_reporter(nativeperms)
+
+allow nativeperms permission_service:service_manager { add find };