Merge "watchdog security policy."
diff --git a/device.te b/device.te
index 7818ce8..ecb7c10 100644
--- a/device.te
+++ b/device.te
@@ -41,6 +41,7 @@
type ion_device, dev_type;
type gps_device, dev_type;
type qtaguid_device, dev_type;
+type watchdog_device, dev_type;
# All devices have a uart for the hci
# attach service. The uart dev node
diff --git a/file_contexts b/file_contexts
index 3b207c9..c47b44b 100644
--- a/file_contexts
+++ b/file_contexts
@@ -104,6 +104,7 @@
/dev/urandom u:object_r:urandom_device:s0
/dev/vcs[0-9a-z]* u:object_r:vcs_device:s0
/dev/video[0-9]* u:object_r:video_device:s0
+/dev/watchdog u:object_r:watchdog_device:s0
/dev/xt_qtaguid u:object_r:qtaguid_device:s0
/dev/zero u:object_r:zero_device:s0
#############################
diff --git a/watchdogd.te b/watchdogd.te
new file mode 100644
index 0000000..18824cc
--- /dev/null
+++ b/watchdogd.te
@@ -0,0 +1,8 @@
+# watchdogd seclabel is specified in init.<board>.rc
+type watchdogd, domain;
+allow watchdogd rootfs:file { entrypoint r_file_perms };
+allow watchdogd self:capability mknod;
+allow watchdogd device:dir { add_name write remove_name };
+allow watchdogd watchdog_device:chr_file rw_file_perms;
+# because of /dev/__kmsg__ and /dev/__null__
+allow watchdogd device:chr_file create_file_perms;
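Review bot: The last rule, `allow watchdogd device:chr_file create_file_perms;`, applies to every character node that still carries the generic `device` label, not only the two temporary nodes named in the comment above it. Together with `self:capability mknod` and the write access to `device:dir`, this lets the domain create, open and unlink any such node, which is far more than the daemon needs to service `watchdog_device`. The comment should state the constraint and the intent to tighten it, for example `# /dev/__kmsg__ and /dev/__null__ are created under the generic device label at startup; narrow this once those nodes get their own type`. If the nodes are only created and unlinked during early start-up (presumably so, but not visible in this hunk), a dedicated type for them with a type transition would let the `device:chr_file` rule be dropped.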