28 files changed, 171 insertions, 72 deletions

diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index b5cedf0..4529e3a 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -23,8 +23,8 @@
 #allow system_app unlabeled:file { lock open read write getattr };
 #
 ## /cache_file for dvb app creat update.zip file at /cache  dir
-#allow system_app cache_file:dir {create_dir_perms create_file_perms rw_file_perms};
-#allow system_app cache_file:file {create_file_perms rw_file_perms};
+allow system_app cache_file:dir { search add_name write };
+allow system_app cache_file:file { create getattr open write };
 #
 #allow system_app log_file:dir { search read open getattr };
 #allow system_app log_file:file { read open getattr };
@@ -42,7 +42,7 @@
 #allow system_app pppoe_wrapper_socket:file create;
 
 allow system_app cache_recovery_file:dir { search read open write add_name remove_name };
-allow system_app cache_recovery_file:file { create getattr open read write };
+allow system_app cache_recovery_file:file { create getattr open read write unlink  };
 
 allow system_app update_engine:binder {call transfer};
 #
@@ -55,8 +55,10 @@ allow system_app vendor_file:file { read open getattr execute };
 
 allow system_app system_app:netlink_kobject_uevent_socket { create };
 
-allow system_app update_data_file:dir { getattr search read write open add_name remove_name };
-allow system_app update_data_file:file { getattr write read create open unlink };
+allow system_app update_data_file:dir search;
+
+#allow system_app update_data_file:dir { getattr search read write open add_name remove_name };
+#allow system_app update_data_file:file { getattr write read create open unlink };
 
 allow system_app { pppoe_service subtitle_service }:service_manager { add };