From 016e0751084f5c2a2256e08f8ba88b67582ad82d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lvaro=20Brey?=
Date: Mon, 13 Mar 2017 21:43:02 +0100
Subject: [PATCH] sepolicy: address some denials. Closes #42
---
 sepolicy/log.te | 2 ++
 sepolicy/system_server.te | 2 ++
 sepolicy/zygote.te | 1 +
 3 files changed, 5 insertions(+)
diff --git a/sepolicy/log.te b/sepolicy/log.te
index 2e9f1eb..6a1fe9f 100644
--- a/sepolicy/log.te
+++ b/sepolicy/log.te
@@ -1 +1,3 @@
 allow logd unlabeled:dir search;
+allow logd self:capability { dac_override dac_read_search };
+
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index fcc0fce..0cbb3e8 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -4,4 +4,6 @@ allow system_server proc_touchpanel:file rw_file_perms;
 allow system_server sensors_persist_file:file r_file_perms;
 allow system_server sensors_persist_file:dir search;
 allow system_server proc_stat:file r_file_perms;
+allow system_server unlabeled:file unlink;
 get_prop(system_server, diag_prop);
+
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
index 32f3157..cb230af 100644
--- a/sepolicy/zygote.te
+++ b/sepolicy/zygote.te
@@ -1,2 +1,3 @@
 allow zygote input_device:dir r_dir_perms;
 allow zygote input_device:chr_file rw_file_perms;
+allow zygote self:capability sys_nice;
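Review bot: The added `allow logd self:capability { dac_override dac_read_search };` in sepolicy/log.te lets logd bypass file owner and mode checks altogether, which is far broader than a single denial normally calls for. A dac_override denial usually points at a file or directory whose owner, group or mode does not match the process, so correcting that at its source is the tighter fix; if a capability really is required, try `allow logd self:capability dac_read_search;` on its own first. None of the three rules this commit adds (this one, `unlabeled:file unlink` in system_server.te and `sys_nice` in zygote.te) records the denial it answers; a comment above each, such as `# avc: denied { <perm> } for comm="<process>" path="<path from the log>"` (placeholders), would let a later reviewer check whether the rule is still needed.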
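Review bot: `allow system_server unlabeled:file unlink;` in sepolicy/system_server.te permits deleting every file that has no valid security context, not only the one behind the denial. Files appear as `unlabeled` when their context is missing or unknown to the loaded policy, so the likely root cause is a path without a file_contexts entry or a partition that was never relabelled; the hunk does not show which path was involved. Giving that path a dedicated type and writing the rule against it, for example `allow system_server <new_file_type>:file unlink;` (placeholder type name), keeps system_server from removing unrelated unlabeled files. The existing `allow logd unlabeled:dir search;` in log.te suggests the same labelling gap is behind both rules.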