HACK: hikey: Add system_server sepolicy rules to allow /proc/tid/timerslack_ns access
With the new /proc/<tid>/timerslack_ns interface, the system_server
needs to be able to write to that value. However, currently the
selinux policy seems to prevent this.
Using "adb logcat -d | audit2allow -p <sepolicy file>" I got the following
suggestions which I've added here.
I suspect there is a better way to limit write access to just the
timerslack_ns file, but I'm no selinux expert.
Suggestions would be welcome.
We should remove this after a proper solution is in /system/sepolicy/system_server.te
Change-Id: I1bc3a8f4a4f663131977fe6fc2c8afa309b7a7c0
Signed-off-by: John Stultz <john.stultz@linaro.org>
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
new file mode 100644
index 0000000..1af6fc9
--- /dev/null
+++ b/sepolicy/system_server.te
@@ -0,0 +1,6 @@
+# For writing to /proc/<tid>/timerslack_ns (XXX - this is probably wrong)
+allow system_server priv_app:file write;
+allow system_server untrusted_app:file write;
+allow system_server platform_app:file write;
+allow system_server system_app:file write;
+allow system_server isolated_app:file write;
