From 8d021a9496aebfadb0113f3d4f45e3331fbde7fa Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Mon, 28 Aug 2017 14:30:26 -0700
Subject: [PATCH] Allow all domains to stat symlinks in sysfs

This is needed to retain app's previous access to
/sys/devices/system/cpu. When these files were previously
labeled in file_contexts, symlinks were labeled as
sysfs_devices_system_cpu. When labeling was moved to genfs_contexts
symlinks all have the default sysfs label.

avc: denied { getattr } for comm="main"
path="/sys/devices/system/cpu/cpu0/cpufreq" dev="sysfs" ino=41897
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:sysfs:s0 tclass=lnk_file permissive=0

Change-Id: Idaa565390bca13d3819e147fcea4214956c0f589
Bug: 64270911
Test: build aosp_marlin
---
 public/domain.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/public/domain.te b/public/domain.te
index 7e1d6c280..5b1f1a889 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -143,8 +143,8 @@ full_treble_only(`
     allow { domain -coredomain } vendor_file_type:lnk_file { getattr read };
 ')
 
-# read any sysfs symlinks
-allow domain sysfs:lnk_file read;
+# read and stat any sysfs symlinks
+allow domain sysfs:lnk_file { getattr read };
 
 # libc references /data/misc/zoneinfo for timezone related information
 # This directory is considered to be a VNDK-stable
-- 
GitLab