selinux: Fix healthd's access to /dev nodes

Our healthd's support for power-on alarms adds some steps that imply
reading files its user doesn't own. Let it.

Change-Id: I3d4735aaab8fbec7acc460f812bc21f1dfa516ab
This commit is contained in:
Ricardo Cerqueira 2014-11-27 22:54:43 +00:00 committed by Gerrit Code Review
parent 58f88184d5
commit d22efb80e1
2 changed files with 2 additions and 0 deletions

1
sepolicy/healthd.te Normal file
View file

@ -0,0 +1 @@
allow healthd self:capability { dac_override dac_read_search };

View file

@ -13,6 +13,7 @@ BOARD_SEPOLICY_UNION += \
seapp_contexts \
service_contexts \
auditd.te \
healthd.te \
installd.te \
netd.te \
su.te \