From 768059d27a85eb9be40b6c9570193d9a9cb8ba72 Mon Sep 17 00:00:00 2001
From: Steven Lay <arbiter1000@gmail.com>
Date: Thu, 20 Jul 2017 09:05:34 +0000
Subject: shinano-common: fix selinux denial in credmgrd

Fixes the denial:
avc: denied { append } for pid=327 comm="credmgrfirstboo" name=
"credmgr.log" dev="mmcblk0p24" ino=12 scontext=u:r:credmgrd:s0
tcontext=u:object_r:cache_file:s0 tclass=file permissive=0

Also fixes issue with camera not working on first boot on aries.

Change-Id: I726ff6a30745929f01f62d8504e0e0621e414ad7
---
 sepolicy/credmgrd.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te
index 5383834..78db47a 100644
--- a/sepolicy/credmgrd.te
+++ b/sepolicy/credmgrd.te
@@ -59,7 +59,7 @@ allow credmgrd ion_device:chr_file { ioctl open read };
 
 #============= credmgr init script ==============
 allow credmgrd cache_file:dir { add_name search };
-allow credmgrd cache_file:file { create getattr open read unlink write };
+allow credmgrd cache_file:file { append create getattr open read unlink write };
 allow credmgrd credmgrd_data_file:dir { add_name getattr relabelto reparent rename rmdir search };
 allow credmgrd credmgrd_data_file:file { append getattr open read unlink write };
 allow credmgrd credmgrd_prop:property_service set;
-- 
cgit v1.2.3