From 5a570606ec790d543b2cc06e3dea0b8391d99869 Mon Sep 17 00:00:00 2001
From: Alan Stokes <alanstokes@google.com>
Date: Fri, 23 Feb 2018 18:20:31 +0000
Subject: [PATCH] Allow init to create & write to vibrator/trigger.

The write is here: https://android.googlesource.com/platform/system/core/+/master/rootdir/init.rc#257.

Denials (on a device with the sysfs_vibrator label properly applied):
denied { write } for name="vibrator" dev="sysfs" ino=49613 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=dir
denied { write } for name="trigger" dev="sysfs" ino=49620 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=file
denied { open } for path="/sys/devices/<redacted>/vibrator/trigger" dev="sysfs" ino=49620 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=file

Bug: b/72643420
Test: Device boots, denials gone

Change-Id: Ib50d9a8533303daccb1330685e3204bea3fbd8a8
---
 public/init.te | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/public/init.te b/public/init.te
index f8a22b9cd..0b1e86c5c 100644
--- a/public/init.te
+++ b/public/init.te
@@ -320,6 +320,14 @@ allow init {
   sysfs_zram
 }:file rw_file_perms;
 
+# Allow init to write to vibrator/trigger
+allow init sysfs_vibrator:file w_file_perms;
+
+# Creating files on sysfs is impossible so this isn't a threat.
+# We may write to a non-existent file to avoid conditional
+# init behavior.
+dontaudit init sysfs_vibrator:dir write;
+
 # init chmod/chown access to /sys files.
 allow init {
   sysfs_android_usb
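Review bot: The comment above `dontaudit init sysfs_vibrator:dir write;` reads as if the rule grants directory write, but a dontaudit only suppresses the audit record and the access is still denied. Wording such as `# Silence the dir write denial logged when init writes to a missing trigger file; access stays denied.` would make that explicit. The suppression applies to every directory labelled sysfs_vibrator, so any other init write attempt on those directories will also stop showing up in the audit log, which is worth stating in the comment. Likewise `allow init sysfs_vibrator:file w_file_perms;` covers every file carrying that label rather than only `trigger`, so its comment could say `# Allow init to write sysfs_vibrator files (e.g. vibrator/trigger)`. The surrounding `allow init { ... }` blocks begin and end outside this hunk.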
-- 
GitLab