From 9add1f039bfd29649330e716246c01b3239bd362 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 8 May 2014 13:18:52 -0400
Subject: [PATCH] Add sysfs_type attribute to sysfs, coalesce ueventd rules.

As per the discussion in:
https://android-review.googlesource.com/#/c/92903/

Add sysfs_type attribute to sysfs type so that it is included
in rules on sysfs_type, allow setattr to all sysfs_type for ueventd
for chown/chmod, and get rid of redundant rules.

Change-Id: I1228385d5703168c3852ec75605ed8da7c99b83d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 file.te    | 2 +-
 ueventd.te | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/file.te b/file.te
index b1a1e24e9..4f75d379d 100644
--- a/file.te
+++ b/file.te
@@ -14,7 +14,7 @@ type proc_net, fs_type;
 type proc_sysrq, fs_type;
 type selinuxfs, fs_type;
 type cgroup, fs_type, mlstrustedobject;
-type sysfs, fs_type, mlstrustedobject;
+type sysfs, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
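Review bot: Making the default `sysfs` type a member of `sysfs_type` on the changed line widens every existing rule written against `sysfs_type`, in any domain, to cover generically labelled sysfs nodes, not only the ueventd rules this patch touches. The other .te files are not visible here, so it is worth searching the policy for `sysfs_type` in allow and neverallow rules and confirming that each one is meant to reach plain `sysfs`. A comment above the line would record the intent, for example `# sysfs is in sysfs_type: rules on sysfs_type also apply to default-labelled sysfs nodes`. The type declarations continue outside the hunk.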
diff --git a/ueventd.te b/ueventd.te
index 66e70e874..f02b899df 100644
--- a/ueventd.te
+++ b/ueventd.te
@@ -11,10 +11,8 @@ allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio da
 allow ueventd device:file create_file_perms;
 allow ueventd device:chr_file rw_file_perms;
 allow ueventd sysfs:file rw_file_perms;
-allow ueventd sysfs:file setattr;
-allow ueventd sysfs:file relabelfrom;
-allow ueventd sysfs_type:file { relabelfrom relabelto };
-allow ueventd sysfs_devices_system_cpu:file {rw_file_perms setattr};
+allow ueventd sysfs_type:file { relabelfrom relabelto setattr };
+allow ueventd sysfs_devices_system_cpu:file rw_file_perms;
 allow ueventd tmpfs:chr_file rw_file_perms;
 allow ueventd dev_type:dir create_dir_perms;
 allow ueventd dev_type:lnk_file { create unlink };
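Review bot: The coalesced rule `allow ueventd sysfs_type:file { relabelfrom relabelto setattr };` gives ueventd `relabelto` on the generic `sysfs` type, which the removed rules did not grant (they allowed only `relabelfrom` and `setattr` on `sysfs`). The commit message mentions the wider `setattr` but not this. If relabelling a node back to `sysfs` is intended, say so in a comment such as `# setattr for chown/chmod; relabelto covers sysfs itself now that it is in sysfs_type`. If it is not intended, keep `relabelto` in a separate rule that excludes `sysfs`, e.g. `allow ueventd { sysfs_type -sysfs }:file relabelto;`. The ueventd rule set continues outside the hunk.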
-- 
GitLab