DO NOT MERGE Fake 29.0 sepolicy prebuilts
I took current AOSP policy as base, then removed sepolicy so that the
set of type and attributes was a subset of types and attributes in Q
sepolicy, with exception of those that have not yet been cleand up in
current AOSP:
mediaswcodec_server
netd_socket
mediaextractor_update_service
thermalserviced
thermalserviced_exec
Bug: 133196056
Test: n/a
Change-Id: I2cbe749777684146114c89e1e6fc3f07400c0ae5
diff --git a/prebuilts/api/29.0/public/tzdatacheck.te b/prebuilts/api/29.0/public/tzdatacheck.te
new file mode 100644
index 0000000..cf9b95d
--- /dev/null
+++ b/prebuilts/api/29.0/public/tzdatacheck.te
@@ -0,0 +1,18 @@
+# The tzdatacheck command run by init.
+type tzdatacheck, domain;
+type tzdatacheck_exec, system_file_type, exec_type, file_type;
+
+allow tzdatacheck zoneinfo_data_file:dir create_dir_perms;
+allow tzdatacheck zoneinfo_data_file:file unlink;
+
+# Below are strong assertion that only init, system_server and tzdatacheck
+# can modify the /data time zone rules directories. This is to make it very
+# clear that only these domains should modify the actual time zone rules data.
+# The tzdatacheck binary itself may be executed by shell for tests but it must
+# not be able to modify the real rules.
+# If other users / binaries could modify time zone rules on device this might
+# have negative implications for users (who may get incorrect local times)
+# or break assumptions made / invalidate data held by the components actually
+# responsible for updating time zone rules.
+neverallow { domain -system_server -init -tzdatacheck } zoneinfo_data_file:file no_w_file_perms;
+neverallow { domain -system_server -init -tzdatacheck } zoneinfo_data_file:dir no_w_dir_perms;