sepolicy: Add CAP_WAKE_ALARM to system_server.te With v4.8+ kernels, CAP_WAKE_ALARM is needed to set alarmtimers via timerfd (this change is likely to be backported to stable as well). However, with selinux enabled, we also need to allow the capability on the system_server so this enables it. Change-Id: I7cd64d587906f3fbc8a129d48a4db07373c74c7e Signed-off-by: John Stultz <john.stultz@linaro.org>

commit: 19b6485f5ed005f1ae9b5ba06b3baca4639a4c83 [log] [tgz]
author: John Stultz <john.stultz@linaro.org> Tue Aug 02 18:14:11 2016 -0700
committer: John Stultz <john.stultz@linaro.org> Tue Aug 02 20:15:44 2016 -0700
tree: b0c6be6590c9ca3c6ccc90437eee873e5b82a22d
parent: aa2aa21902e438f1fb20ee9e102ab6202cc36bf8 [diff]
diff --git a/system_server.te b/system_server.te
index a84812a..3bf6e4e 100644
--- a/system_server.te
+++ b/system_server.te

@@ -59,6 +59,9 @@
 # Trigger module auto-load.
 allow system_server kernel:system module_request;
 
+# Allow alarmtimers to be set
+allow system_server self:capability2 wake_alarm;
+
 # Use netlink uevent sockets.
 allow system_server self:netlink_kobject_uevent_socket create_socket_perms;
commit	19b6485f5ed005f1ae9b5ba06b3baca4639a4c83	[log] [tgz]
author	John Stultz <john.stultz@linaro.org>	Tue Aug 02 18:14:11 2016 -0700
committer	John Stultz <john.stultz@linaro.org>	Tue Aug 02 20:15:44 2016 -0700
tree	b0c6be6590c9ca3c6ccc90437eee873e5b82a22d
parent	aa2aa21902e438f1fb20ee9e102ab6202cc36bf8 [diff]