xref: /device/google/marlin/sepolicy/time.te

# Policy for /system/bin/time_daemon
type time, domain;
type time_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(time)

allow time self:capability { setgid setuid sys_time };

allow time self:socket create_socket_perms;
allowxperm time self:socket ioctl msm_sock_ipc_ioctls;

# /sys/bus/msm_subsys
allow time sysfs:dir r_dir_perms;
r_dir_file(time, sysfs_msm_subsys)

allow time sysfs_soc:dir search;
allow time sysfs_soc:file r_file_perms;

typeattribute time data_between_core_and_vendor_violators;
allow time time_data_file:file create_file_perms;
allow time time_data_file:dir rw_dir_perms;

allow time rtc_device:chr_file r_file_perms;

# Set sys.time.set property
set_prop(time, sys_time_prop)

userdebug_or_eng(`
  allow time  diag_device:chr_file rw_file_perms;
')
dontaudit time diag_device:chr_file rw_file_perms;
dontaudit time unlabeled:dir search;