From 7466f9b69341e3d86b0242d8ad18ae98d22f05a2 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 12 Dec 2013 15:32:42 -0800
Subject: [PATCH] Label /data/misc/zoneinfo
And allow any SELinux domain to read these timezone
related files.
Addresses the following denial:
<5>[ 4.746399] type=1400 audit(3430294.470:7): avc: denied { open } for pid=197 comm="time_daemon" name="tzdata" dev="mmcblk0p28" ino=618992 scontext=u:r:time:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
Change-Id: Iff32465e62729d7aad8c79607848d89ce0aede86
---
domain.te | 3 +++
file.te | 1 +
file_contexts | 1 +
3 files changed, 5 insertions(+)
diff --git a/domain.te b/domain.te
index 701297f9d..3628f3236 100644
--- a/domain.te
+++ b/domain.te
@@ -89,6 +89,9 @@ allow domain cache_file:dir r_dir_perms;
allow domain cache_file:file { getattr read };
allow domain cache_file:lnk_file read;
+# Read timezone related information
+r_dir_file(domain, zoneinfo_data_file)
+
# For /acct/uid/*/tasks.
allow domain cgroup:dir { search write };
allow domain cgroup:file w_file_perms;
diff --git a/file.te b/file.te
index e4f0a1055..d0f79ac7a 100644
--- a/file.te
+++ b/file.te
@@ -65,6 +65,7 @@ type radio_data_file, file_type, data_file_type;
type systemkeys_data_file, file_type, data_file_type;
type vpn_data_file, file_type, data_file_type;
type wifi_data_file, file_type, data_file_type;
+type zoneinfo_data_file, file_type, data_file_type;
# Compatibility with type names used in vanilla Android 4.3 and 4.4.
typealias audio_data_file alias audio_firmware_file;
diff --git a/file_contexts b/file_contexts
index 529649960..45823ef38 100644
--- a/file_contexts
+++ b/file_contexts
@@ -180,6 +180,7 @@
/data/misc/systemkeys(/.*)? u:object_r:systemkeys_data_file:s0
/data/misc/vpn(/.*)? u:object_r:vpn_data_file:s0
/data/misc/wifi(/.*)? u:object_r:wifi_data_file:s0
+/data/misc/zoneinfo(/.*)? u:object_r:zoneinfo_data_file:s0
# App sandboxes
/data/data/.* u:object_r:app_data_file:s0
--
GitLab