Address healthd denials.

Resolve denials such as: avc: denied { write } for pid=130 comm="healthd" name="state" dev="sysfs" ino=57 scontext=u:r:healthd:s0 tcontext=u:object_r:sysfs:s0 tclass=file avc: denied { read write } for pid=130 comm="healthd" name="tty0" dev="tmpfs" ino=5677 scontext=u:r:healthd:s0 tcontext=u:object_r:tty_device:s0 tclass=chr_file Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> (cherry picked from commit ebc08e82) Change-Id: Ib72388cc2d192fe78397e3a2a401db08b5b6c267

Address healthd denials.
Resolve denials such as: avc: denied { write } for pid=130 comm="healthd" name="state" dev="sysfs" ino=57 scontext=u:r:healthd:s0 tcontext=u:object_r:sysfs:s0 tclass=file avc: denied { read write } for pid=130 comm="healthd" name="tty0" dev="tmpfs" ino=5677 scontext=u:r:healthd:s0 tcontext=u:object_r:tty_device:s0 tclass=chr_file Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> (cherry picked from commit ebc08e82) Change-Id: Ib72388cc2d192fe78397e3a2a401db08b5b6c267
74ac8c33 · Stephen Smalley · Nick Kralevich · 157f4c43 · 74ac8c33
Commit 74ac8c33 authored 11 years ago by Stephen Smalley Committed by Nick Kralevich 11 years ago
--- a/healthd.te
+++ b/healthd.te
@@ -15,6 +15,10 @@ binder_use(healthd)
 binder_service(healthd)
 binder_call(healthd, system_server)
+# Write to state file.
+# TODO:  Split into a separate type?
+allow healthd sysfs:file write;
 ###
 ### healthd: charger mode
 ###
@@ -23,5 +27,6 @@ allow healthd graphics_device:dir r_dir_perms;
 allow healthd graphics_device:chr_file rw_file_perms;
 allow healthd input_device:dir r_dir_perms;
 allow healthd input_device:chr_file r_file_perms;
+allow healthd tty_device:chr_file rw_file_perms;
 allow healthd ashmem_device:chr_file execute;
 allow healthd self:process execmem;