Label /data/misc/zoneinfo
And allow any SELinux domain to read these timezone
related files.
Addresses the following denial:
<5>[ 4.746399] type=1400 audit(3430294.470:7): avc: denied { open } for pid=197 comm="time_daemon" name="tzdata" dev="mmcblk0p28" ino=618992 scontext=u:r:time:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
Change-Id: Iff32465e62729d7aad8c79607848d89ce0aede86
diff --git a/domain.te b/domain.te
index 701297f..3628f32 100644
--- a/domain.te
+++ b/domain.te
@@ -89,6 +89,9 @@
allow domain cache_file:file { getattr read };
allow domain cache_file:lnk_file read;
+# Read timezone related information
+r_dir_file(domain, zoneinfo_data_file)
+
# For /acct/uid/*/tasks.
allow domain cgroup:dir { search write };
allow domain cgroup:file w_file_perms;
diff --git a/file.te b/file.te
index e4f0a10..d0f79ac 100644
--- a/file.te
+++ b/file.te
@@ -65,6 +65,7 @@
type systemkeys_data_file, file_type, data_file_type;
type vpn_data_file, file_type, data_file_type;
type wifi_data_file, file_type, data_file_type;
+type zoneinfo_data_file, file_type, data_file_type;
# Compatibility with type names used in vanilla Android 4.3 and 4.4.
typealias audio_data_file alias audio_firmware_file;
diff --git a/file_contexts b/file_contexts
index 5296499..45823ef 100644
--- a/file_contexts
+++ b/file_contexts
@@ -180,6 +180,7 @@
/data/misc/systemkeys(/.*)? u:object_r:systemkeys_data_file:s0
/data/misc/vpn(/.*)? u:object_r:vpn_data_file:s0
/data/misc/wifi(/.*)? u:object_r:wifi_data_file:s0
+/data/misc/zoneinfo(/.*)? u:object_r:zoneinfo_data_file:s0
# App sandboxes
/data/data/.* u:object_r:app_data_file:s0