From 3914ca04bdd3b080449d1f71c014c2d1939ad387 Mon Sep 17 00:00:00 2001
From: Max Bires <jbires@google.com>
Date: Tue, 25 Apr 2017 16:00:49 -0700
Subject: [PATCH] Putting system_server into permissive.

System_server is attempting to access a .so that is currently labeled as
a vendor file, which is messing up the ability of anything on the device
to interact with sensor services. This will temporarily be put into
permissive until the .so can be properly relabeled.

Denial:
denied { execute } for pid=1380 comm="system_server" path="/vendor/li
b64/liblocation_api.so" dev="sda20" ino=929
scontext=u:r:system_server:s0 tcontext=u:object_r:vendor_file:s0
tclass=file

Bug: 37675139
Bug: 37669506
Test: adb shell dumpsys sensorservice works as expected
Change-Id: Ia13641dfaf4ab65f9060dc35b3778b9c88fb0242
---
 sepolicy/system_server.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 95e4af50..ef15cda9 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -19,6 +19,10 @@ allow system_server location_data_file:dir create_dir_perms;
 allow system_server location_data_file:file create_file_perms;
 allow system_server wlan_device:chr_file rw_file_perms;
 
+userdebug_or_eng(`
+  permissive system_server;
+')
+
 # TODO(b/30675296): Remove following dontaudit's upon resolution of this bug
 # The timerslack_ns denials spam the system really horribly
 dontaudit system_server audioserver:file write;