init: tighten sysfs_type permissions

Removes open, read, setattr permissions to sysfs_type. Adds explicit permissions to: sysfs_dt_firmware_android sysfs_vibrator sysfs_wake_lock Bug: 65643247 Test: walleye boots without denials to sysfs_type. Change-Id: I2e344831655c2c8e8e48b07ecce6a2704f2a206a

init: tighten sysfs_type permissions
Removes open, read, setattr permissions to sysfs_type. Adds explicit permissions to: sysfs_dt_firmware_android sysfs_vibrator sysfs_wake_lock Bug: 65643247 Test: walleye boots without denials to sysfs_type. Change-Id: I2e344831655c2c8e8e48b07ecce6a2704f2a206a
55039509 · Tri Vo · 40ed4283 · 55039509
Commit 55039509 authored 7 years ago by Tri Vo
--- a/public/init.te
+++ b/public/init.te
@@ -214,7 +214,7 @@ allow init {
  -contextmount_type
  -proc
  -sdcard_type
-  -sysfs
+  -sysfs_type
  -rootfs
 }:file { open read setattr };
 allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir  { open read setattr search };
@@ -304,6 +304,10 @@ allow init {
  sysfs_zram
 }:file w_file_perms;

+allow init {
+  sysfs_dt_firmware_android
+}:file r_file_perms;
+
 # init chmod/chown access to /sys files.
 allow init {
  sysfs_android_usb
@@ -312,6 +316,8 @@ allow init {
  sysfs_leds
  sysfs_lowmemorykiller
  sysfs_power
+  sysfs_vibrator
+  sysfs_wake_lock
 }:file setattr;

 # Set usermodehelpers.