From 72edbb3e831c8230096a8a0dd4f0870ea52cd719 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Fri, 27 Apr 2018 13:46:34 -0700
Subject: [PATCH] Audit generic debugfs access for removal

Bug: 78784387
Test: adb bugreport with no "granted" messages.
Change-Id: Iaea67f356a47a9fbf6b8649fc8e8dad772996ba7
---
 private/system_server.te | 1 +
 public/dumpstate.te      | 1 +
 2 files changed, 2 insertions(+)

diff --git a/private/system_server.te b/private/system_server.te
index da06de032..bdf0f24d7 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -137,6 +137,7 @@ allow system_server stats_data_file:file unlink;
 
 # Read /sys/kernel/debug/wakeup_sources.
 allow system_server debugfs:file r_file_perms;
+auditallow system_server debugfs:file r_file_perms;
 allow system_server debugfs_wakeup_sources:file r_file_perms;
 
 # The DhcpClient and WifiWatchdog use packet_sockets
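Review bot: The added `auditallow system_server debugfs:file r_file_perms;` sits under the existing comment "Read /sys/kernel/debug/wakeup_sources." with nothing marking it as a temporary audit, so a later reader of the policy cannot tell that the generic `debugfs` allow above it is a removal candidate or what evidence gates the removal. A comment on the new line would carry that, for example `# TODO(b/78784387): audit generic debugfs reads; drop this rule and the allow above once no "granted" avc messages are logged.` The same comment is missing on the `auditallow dumpstate debugfs:file r_file_perms;` line added in public/dumpstate.te. Because the following rule already grants reads on the dedicated `debugfs_wakeup_sources` type, the generic grant looks like the broader-than-needed one for system_server, but that should be confirmed from the audit output on more than one device, not assumed from this hunk.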
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 2602552ba..2857caef8 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -93,6 +93,7 @@ allow dumpstate {
 
 # Other random bits of data we want to collect
 allow dumpstate debugfs:file r_file_perms;
+auditallow dumpstate debugfs:file r_file_perms;
 
 # df for
 allow dumpstate {
-- 
GitLab