From 711908e60b0c07416309018cc4a95df7d9c200de Mon Sep 17 00:00:00 2001 From: Yifan Hong <elsk@google.com> Date: Thu, 12 Jul 2018 11:44:31 -0700 Subject: [PATCH] vold: not allowed to read sysfs_batteryinfo It doesn't need to read batteryinfo to function properly. Bug: 110891415 Test: builds and boots Change-Id: I7f388180a25101bfd0c088291ef03a9bf8ba2b2c --- public/domain.te | 2 -- public/vold.te | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/public/domain.te b/public/domain.te index 6f603a6e7..c6fc9f831 100644 --- a/public/domain.te +++ b/public/domain.te @@ -1423,7 +1423,5 @@ full_treble_only(` -incidentd # TODO(b/110890430): remove this exception -perfprofd - # TODO(b/110891415, b/65643247): remove these exceptions - -vold } sysfs_batteryinfo:file { open read }; ') diff --git a/public/vold.te b/public/vold.te index 06deefce3..481f48c92 100644 --- a/public/vold.te +++ b/public/vold.te @@ -13,7 +13,7 @@ userdebug_or_eng(` auditallow vold proc_net_type:{ dir file lnk_file } { getattr open read }; ') -r_dir_file(vold, sysfs_type) +r_dir_file(vold, { sysfs_type -sysfs_batteryinfo }) # XXX Label sysfs files with a specific type? allow vold sysfs:file w_file_perms; # writing to /sys/*/uevent during coldboot. allow vold sysfs_dm:file w_file_perms; -- GitLab
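Review bot: The new `r_dir_file(vold, { sysfs_type -sysfs_batteryinfo })` line in public/vold.te has no comment explaining the carve-out, so a later cleanup could restore plain `sysfs_type` and only find out why at policy-check time. I would add a line above it such as `# sysfs_batteryinfo is excluded: vold does not need battery info, and the full_treble_only rule in domain.te no longer exempts vold (b/110891415)`. Because `r_dir_file` grants read access on dir and lnk_file as well as file, the subtraction removes more than the `file { open read }` named in the domain.te rule; that is the tighter choice, but it is a wider behaviour change than the commit message suggests. "Builds and boots" would not by itself show whether vold's sysfs access (the coldboot uevent writes mentioned just below in this hunk) now produces denials, so it is worth checking the audit log on a test device for `avc: denied` entries with vold as source and `sysfs_batteryinfo` as target.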