From eb252fd433ad69882237c8df07dab9bbbc374e9a Mon Sep 17 00:00:00 2001 From: Max Bires Date: Tue, 4 Apr 2017 13:47:00 -0700 Subject: [PATCH] Adding file_contexts to fix hal_bluetooth Handles denials of the following sort where hal_bluetooth didn't have access to the directories in sysfs that it needed denied { write } for comm="android.hardwar" name="extldo" dev="sysfs" ino=44059 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file Bug: 34784662 Test: hal_bluetooth denials are cleaned up Change-Id: I7cc01fbc1c6414a871e6b0a3b3c95e17a3cd1d99 --- sepolicy/file_contexts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 066e3168..f6acab76 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -61,7 +61,9 @@ # files in sysfs /sys/class/uio(/.*)? u:object_r:sysfs_uio:s0 -sys/devices/bt_wcn[0-9]+/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0 +/sys/class/rfkill(/.*)? u:object_r:sysfs_bluetooth_writable:s0 +/sys/devices/bt_wcn3990/rfkill(/.*)? u:object_r:sysfs_bluetooth_writable:s0 +/sys/devices/bt_wcn3990/extldo u:object_r:sysfs_bluetooth_writable:s0 /sys/devices/soc/a1800000\.qcom,rmtfs_rtel_sharedmem(/.*)? u:object_r:sysfs_rmtfs:s0 /sys/devices/soc/800f000\.qcom,spmi(/.*)? u:object_r:sysfs_msm_subsys:s0 /sys/devices/soc/4080000\.qcom,mss(/.*)? u:object_r:sysfs_msm_subsys:s0