am af47ebb6: Label /dev/fscklogs and allow system_server access to it.

* commit 'af47ebb67aa64d699615693bf4603ec173417175': Label /dev/fscklogs and allow system_server access to it.
2013-11-11 11:56:04 -08:00 · 2013-11-11 11:56:04 -08:00 · a9ccd7dce9
commit a9ccd7dce9
parent c1468d454e af47ebb67a
3 changed files with 7 additions and 0 deletions
--- a/device.te
+++ b/device.te
@ -15,6 +15,7 @@ type radio_device, dev_type;
 type ram_device, dev_type;
 type console_device, dev_type;
 type cpuctl_device, dev_type;
+type fscklogs, dev_type;
 type full_device, dev_type;
 type graphics_device, dev_type;
 type hw_random_device, dev_type;
--- a/1
+++ b/1
@ -45,6 +45,7 @@
 /dev/cpuctl(/.*)?	u:object_r:cpuctl_device:s0
 /dev/device-mapper	u:object_r:dm_device:s0
 /dev/eac		u:object_r:audio_device:s0
+/dev/fscklogs(/.*)?	u:object_r:fscklogs:s0
 /dev/full		u:object_r:full_device:s0
 /dev/fuse		u:object_r:fuse_device:s0
 /dev/graphics(/.*)?	u:object_r:graphics_device:s0
--- a/system_server.te
+++ b/system_server.te
@ -212,3 +212,8 @@ allow system_server hw_random_device:chr_file r_file_perms;

 # Access to wake locks
 allow system_server sysfs_wake_lock:file rw_file_perms;
+
+# Read and delete files under /dev/fscklogs.
+r_dir_file(system_server, fscklogs)
+allow system_server fscklogs:dir { write remove_name };
+allow system_server fscklogs:file unlink;