From ce8bc8b00e8f3f9cac8fe6a13f67c0676b66c443 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Tue, 19 Dec 2017 13:23:11 -0800
Subject: [PATCH] system_server: search permission to all of sysfs.

This will allow system_server to perform path resolution on paths like:
/sys/devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm8998@0:qcom,pm8998_rtc/rtc

Fixes this denial:
avc: denied { search } for pid=947 comm=system_server
name=800f000.qcom,spmi dev=sysfs ino=19891
scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_msm_subsys:s0
tclass=dir permissive=0 b/68003344

Bug: 68003344
Test: walleye boots without the denial above.
Change-Id: Ib282395124c7f2f554681fcc713b9afe189f441c
---
 private/system_server.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/private/system_server.te b/private/system_server.te
index 46becd0cb..6fb6142bf 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -267,6 +267,8 @@ allow system_server mac_perms_file: file r_file_perms;
 # Check SELinux permissions.
 selinux_check_access(system_server)
 
+allow system_server sysfs_type:dir search;
+
 r_dir_file(system_server, sysfs_android_usb)
 allow system_server sysfs_android_usb:file w_file_perms;
 
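Review bot: The added `allow system_server sysfs_type:dir search;` has no comment and is much broader than the denial it fixes. The quoted AVC is for a single `sysfs_msm_subsys` directory, while the rule grants search on every directory whose type carries the `sysfs_type` attribute. Search alone only permits path traversal, so reads and writes of sysfs files remain governed by the per-type rules such as the `sysfs_android_usb` ones that follow. That least-privilege reasoning should sit next to the rule, for example `# Path resolution only: search on all sysfs dirs; file access stays per-type.` If the breadth was chosen because device-specific types cannot be referenced from this core policy file (inferred, the commit message does not say), the comment should state that as well.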
-- 
GitLab