Allow init to create & write to vibrator/trigger.

The write is here: https://android.googlesource.com/platform/system/core/+/master/rootdir/init.rc#257. Denials (on a device with the sysfs_vibrator label properly applied): denied { write } for name="vibrator" dev="sysfs" ino=49613 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=dir denied { write } for name="trigger" dev="sysfs" ino=49620 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=file denied { open } for path="/sys/devices/<redacted>/vibrator/trigger" dev="sysfs" ino=49620 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=file Bug: b/72643420 Test: Device boots, denials gone Change-Id: Ib50d9a8533303daccb1330685e3204bea3fbd8a8

Allow init to create & write to vibrator/trigger.
The write is here: https://android.googlesource.com/platform/system/core/+/master/rootdir/init.rc#257. Denials (on a device with the sysfs_vibrator label properly applied): denied { write } for name="vibrator" dev="sysfs" ino=49613 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=dir denied { write } for name="trigger" dev="sysfs" ino=49620 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=file denied { open } for path="/sys/devices/<redacted>/vibrator/trigger" dev="sysfs" ino=49620 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=file Bug: b/72643420 Test: Device boots, denials gone Change-Id: Ib50d9a8533303daccb1330685e3204bea3fbd8a8
5a570606 · Alan Stokes · f98cd4fa · 5a570606
Commit 5a570606 authored 7 years ago by Alan Stokes
--- a/public/init.te
+++ b/public/init.te
@@ -320,6 +320,14 @@ allow init {
  sysfs_zram
 }:file rw_file_perms;

+# Allow init to write to vibrator/trigger
+allow init sysfs_vibrator:file w_file_perms;
+
+# Creating files on sysfs is impossible so this isn't a threat.
+# We may write to a non-existent file to avoid conditional
+# init behavior.
+dontaudit init sysfs_vibrator:dir write;
+
 # init chmod/chown access to /sys files.
 allow init {
  sysfs_android_usb