From 912f3c10b330a474a61c63476970beaac367be13 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Tue, 10 May 2016 11:25:33 -0700
Subject: [PATCH] allow init to read symlinks in sys

avc: denied { read } for name="device" dev="sysfs" ino=36099 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_rmtfs:s0 tclass=lnk_file

init is already allowed to read directories, this is an obvious omission.

Change-Id: I5131a84bb67e73aaed235c3cbab95c365eaaa2f0
---
 init.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/init.te b/init.te
index 747f771bf..9a7fde755 100644
--- a/init.te
+++ b/init.te
@@ -199,6 +199,7 @@ allow init self:capability sys_boot;
 
 # Write to sysfs nodes.
 allow init sysfs_type:dir r_dir_perms;
+allow init sysfs_type:lnk_file read;
 allow init sysfs_type:file w_file_perms;
 
 # disksize
-- 
GitLab