From b5e50bed86cead7a4eb34127994461122f26395b Mon Sep 17 00:00:00 2001
From: Brian Duddie
Date: Wed, 19 Jul 2017 13:37:32 -0700
Subject: [PATCH] Allow sensors daemon to read hardware version files Permit the sensors daemon to read files in /sys/devices/soc0, which is used to identify the hardware revision it is running on, so it can properly handle registry variations. Addresses these denials (and more which would occur if only the blocked operations were permitted): type=1400 audit(2017551.030:4): avc: denied { getattr } for pid=805 comm="sensors.qcom" path="/sys/devices/soc0/hw_platform" dev="sysfs" ino=50525 scontext=u:r:sensors:s0 tcontext=u:object_r:sysfs_soc:s0 tclass=file permissive=0 Bug: 63857630 Bug: 63901499 Test: confirm denials do not appear on boot, sanity check all sensors provide data, run sensors CTS Change-Id: I2ba59a21b22d09af03226d5993d80e1d868bf607
---
 sepolicy/vendor/sensors.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sepolicy/vendor/sensors.te b/sepolicy/vendor/sensors.te
index 1df6b3a0..d556c3e7 100644
--- a/sepolicy/vendor/sensors.te
+++ b/sepolicy/vendor/sensors.te
@@ -21,5 +21,7 @@ allow sensors sensors_vendor_data_file:file create_file_perms;
 allow sensors system_file:dir r_dir_perms;
 allow sensors sensors_device:chr_file rw_file_perms;
-allow sensors sysfs_soc:dir search;
+allow sensors sysfs_soc:dir r_dir_perms;
+allow sensors sysfs_soc:file r_file_perms;
+
 r_dir_file(sensors, sysfs_msm_subsys)
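Review bot: The two added rules give the sensors domain `r_dir_perms` and `r_file_perms` on every object labelled `sysfs_soc`, while the only denial quoted in the commit message is `getattr` on `/sys/devices/soc0/hw_platform`. The labelling of that directory is not visible in this patch, so it is worth confirming that nothing more sensitive than hardware-revision data (for example a per-device serial value) shares the label; if something does, a narrower type for the files the daemon actually reads would keep the grant least-privilege. If the daemon opens fixed paths rather than listing the directory, `allow sensors sysfs_soc:dir search;` could stay as it was and only the file rule would be needed. Either way, a comment above the rules such as `# hw revision files under /sys/devices/soc0, read to select registry variants` would record why the access exists.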