From a93a1e38e1b017147265ec4527504450f5e548f5 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Mon, 16 Oct 2017 16:19:47 -0700
Subject: [PATCH] Re-add access to /sys/class/android_usb.

Access to /sys/class/android_usb/ was lost when that dir received a new
label sysfs_android_usb.

Bug: 65643247
Test: can enter recovery mode and sideload through usb  without denials to /sys
Change-Id: I22821bab9833b832f13e0c45ff8da4dae115fa4d
---
 public/recovery.te | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/public/recovery.te b/public/recovery.te
index 5f7a47516..ee5f12576 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -55,10 +55,11 @@ recovery_only(`
   # Read kernel config through libvintf for OTA matching
   allow recovery config_gz:file { open read getattr };
 
-  # Write to /sys/class/android_usb/android0/enable.
-  # TODO: create more specific label?
   r_dir_file(recovery, sysfs)
-  allow recovery sysfs:file w_file_perms;
+
+  # Write to /sys/class/android_usb/android0/enable.
+  r_dir_file(recovery, sysfs_android_usb)
+  allow recovery sysfs_android_usb:file w_file_perms;
 
   # Write to /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq.
   allow recovery sysfs_devices_system_cpu:file w_file_perms;
-- 
GitLab