From 55039509fd5c751f01df9ae7ee96337cd0cab7a2 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Mon, 18 Dec 2017 14:44:37 -0800
Subject: [PATCH] init: tighten sysfs_type permissions

Removes init's open, read and setattr permissions on sysfs_type.
Adds explicit permissions for:
sysfs_dt_firmware_android
sysfs_vibrator
sysfs_wake_lock

Bug: 65643247
Test: walleye boots without denials to sysfs_type.
Change-Id: I2e344831655c2c8e8e48b07ecce6a2704f2a206a
---
 public/init.te | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/public/init.te b/public/init.te
index 3a2d66783..450afd84e 100644
--- a/public/init.te
+++ b/public/init.te
@@ -214,7 +214,7 @@ allow init {
   -contextmount_type
   -proc
   -sdcard_type
-  -sysfs
+  -sysfs_type
   -rootfs
 }:file { open read setattr };
 allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir  { open read setattr search };
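Review bot: The tightening stops at the `:file` rule, because the `:dir` rule on the following context line still grants `open read setattr search` on every `fs_type` directory, which includes the `sysfs_type` ones. Traversal (`open read search`) is presumably still required, but whether init needs `setattr` on all sysfs directories is not visible from this hunk. If the asymmetry is intentional, a comment above the dir rule such as `# sysfs_type dirs stay broad so init can walk /sys; file access is granted per type below.` would record it. Otherwise a follow-up could split `setattr` out of the dir rule. The `allow init {` statement being edited begins above the hunk.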
@@ -304,6 +304,10 @@ allow init {
   sysfs_zram
 }:file w_file_perms;
 
+allow init {
+  sysfs_dt_firmware_android
+}:file r_file_perms;
+
 # init chmod/chown access to /sys files.
 allow init {
   sysfs_android_usb
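Review bot: The new `sysfs_dt_firmware_android` rule carries no comment, unlike the `# init chmod/chown access to /sys files.` rule right after it, so the reason init needs read access is lost once the commit message is out of sight. A line such as `# init reads the Android device-tree firmware nodes.` above the rule would do, with the exact purpose to be confirmed by the author. `r_file_perms` also carries permissions beyond the `open read` this type received through the removed blanket rule. If init only opens and reads these nodes, spelling out the needed permissions would keep the grant as narrow as the one it replaces.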
@@ -312,6 +316,8 @@ allow init {
   sysfs_leds
   sysfs_lowmemorykiller
   sysfs_power
+  sysfs_vibrator
+  sysfs_wake_lock
 }:file setattr;
 
 # Set usermodehelpers.
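Review bot: The explicit `setattr` list now has to name every sysfs type that init scripts chown or chmod, and the `Test:` line shows the change was checked on one device only. A labelled sysfs type touched by another device's init scripts would presumably now be denied at boot rather than caught at build time. Extending the existing comment, e.g. `# init chmod/chown access to /sys files. Device-specific sysfs types need their own rule in device policy.`, would tell vendors where to add theirs. Only the tail of this `allow init {` set is visible in the hunk.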
-- 
GitLab