From 64ff9e9523bcfe69fa7847487e327aaa6b144b7b Mon Sep 17 00:00:00 2001
From: Yongqin Liu <yongqin.liu@linaro.org>
Date: Wed, 9 May 2018 21:12:50 +0800
Subject: [PATCH] domain.te & kernel.te: allow kernel to write
 nativetest_data_file

to workaround some VTS VtsKernelLtp failures introduced by
change on vfs_iter_write here:
https://android.googlesource.com/kernel/hikey-linaro/+/abbb65899aecfc97bda64b6816d1e501754cfe1f%5E%21/#F3

for discussion please check threads here:
https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg03348.html

Sandeep suggested re-ordering the events in that thread;
that should be the right solution.
This change is only a temporary workaround until that change lands.

Test: manually with -m VtsKernelLtp -t VtsKernelLtp#fs.fs_fill_64bit

Change-Id: I3f46ff874d3dbcc556cfbeb27be21878574877d1
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
---
 public/domain.te | 2 +-
 public/kernel.te | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/public/domain.te b/public/domain.te
index 7e41e964e..cef538fd3 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -466,7 +466,7 @@ neverallow {
 }:file no_x_file_perms;
 
 # The test files and executables MUST not be accessible to any domain
-neverallow domain nativetest_data_file:file_class_set no_w_file_perms;
+neverallow { domain userdebug_or_eng(`-kernel') } nativetest_data_file:file_class_set no_w_file_perms;
 neverallow domain nativetest_data_file:dir no_w_dir_perms;
 neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
 
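Review bot: The kernel exemption added to the `nativetest_data_file:file_class_set no_w_file_perms` neverallow is wider than the access kernel.te grants, which is only `write` on class `file`. As written, a later kernel allow for any other class in the set, or any other permission in `no_w_file_perms`, would no longer be caught on userdebug/eng builds. Consider keeping the original `neverallow domain ...` coverage for everything that is not needed and exempting kernel only for `nativetest_data_file:file write`. The comment above the rule still says the files must not be accessible to any domain, so it should record the exception, e.g. `# Exception: kernel may write on userdebug/eng builds as a temporary VtsKernelLtp workaround; remove once the proper fix lands.` Because `userdebug_or_eng` content is dropped on user builds, the invariant there is unchanged, which is worth stating in the same comment.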
diff --git a/public/kernel.te b/public/kernel.te
index c8521e329..b7a351cc8 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -69,7 +69,7 @@ allow kernel asec_image_file:file read;
 # and for LTP kernel tests (b/73220071)
 userdebug_or_eng(`
   allow kernel update_engine_data_file:file read;
-  allow kernel nativetest_data_file:file read;
+  allow kernel nativetest_data_file:file { read write };
 ')
 
 # Access to /data/media.
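Review bot: The new `write` grant has no comment explaining why the kernel domain needs to modify test data, and nothing in the policy marks it as the temporary workaround the commit message describes. The comment block above the `userdebug_or_eng` body starts outside this hunk, and the visible line only references the LTP tests. Add a marker next to the rule, such as `# TODO: drop write once the re-ordering fix discussed on seandroid-list lands (temporary VtsKernelLtp workaround).` It would also help to confirm from the recorded denial that `write` on `file` is the only permission the test needs, so nothing broader is carried.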
-- 
GitLab