From ee7960c05d5db8202dc8d16dc48aa12d629e36c2 Mon Sep 17 00:00:00 2001
From: Tao Bao <tbao@google.com>
Date: Tue, 22 Nov 2016 13:53:01 -0800
Subject: [PATCH] recovery.te: Allow writing to sysfs_devices_system_cpu.

recovery (update_binary) may need to set up cpufreq during an update.

avc:  denied  { write } for  pid=335 comm="update_binary" name="scaling_max_freq" dev="sysfs" ino=7410 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=0

Bug: 32463933
Test: Build a recovery image and apply an OTA package that writes to
      /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq.

Change-Id: Ia90af9dd15e162dd94bcd4722b66aa296e3058c5
---
 public/recovery.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/public/recovery.te b/public/recovery.te
index bd701d99e..32601e39a 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -51,6 +51,9 @@ recovery_only(`
   # TODO: create more specific label?
   allow recovery sysfs:file w_file_perms;
 
+  # Write to /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq.
+  allow recovery sysfs_devices_system_cpu:file w_file_perms;
+
   allow recovery sysfs_batteryinfo:file r_file_perms;
 
   allow recovery kernel:system syslog_read;
-- 
GitLab