From 73025604d6d58f7be1cb21099cea22f0968aa810 Mon Sep 17 00:00:00 2001
From: Mimi Wu
Date: Wed, 12 Feb 2020 14:47:56 +0800
Subject: [PATCH] sm6150-common: sepolicy: Add sepolicy for kernel to access /data/per_boot/zram_swap

type=1400 audit(1581485243.256:88): avc: denied { read } for comm="loop29" path="/data/per_boot/zram_swap" dev="dm-9" ino=9820 scontext=u:r:kernel:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
Bug: 147469156
Test: flash full build and find avc errors gone
Change-Id: I48d7684ce3b4ca1ada81011b1cab21007c758ba5
Signed-off-by: Mimi Wu
---
 sepolicy/vendor/file.te | 2 ++
 sepolicy/vendor/file_contexts | 3 +++
 sepolicy/vendor/kernel.te | 1 +
 3 files changed, 6 insertions(+)
 create mode 100644 sepolicy/vendor/file.te
 create mode 100644 sepolicy/vendor/kernel.te

diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
new file mode 100644
index 0000000..da8af9a
--- /dev/null
+++ b/sepolicy/vendor/file.te
@@ -0,0 +1,2 @@
+# Data files
+type per_boot_file, file_type, data_file_type, core_data_file_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 0a4bd0a..d1b9d46 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -4,6 +4,9 @@
 # Camera
 /mnt/vendor/persist/camera(/.*)? u:object_r:camera_persist_file:s0

+# Data files
+/data/per_boot(/.*)? u:object_r:per_boot_file:s0
+
 # Display
 /dev/xiaomi-touch u:object_r:touchfeature_device:s0
 /sys/devices/platform/soc/[a-f0-9]+.qcom,mdss_mdp/drm/card([0-3])+/card([0-3])+-DSI-1/panel_info u:object_r:vendor_sysfs_graphics:s0
diff --git a/sepolicy/vendor/kernel.te b/sepolicy/vendor/kernel.te
new file mode 100644
index 0000000..ce22b84
--- /dev/null
+++ b/sepolicy/vendor/kernel.te
@@ -0,0 +1 @@
+allow kernel per_boot_file:file r_file_perms;
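Review bot: In sepolicy/vendor/file.te, `per_boot_file` is declared in vendor policy under an unprefixed, platform-style name and tagged `core_data_file_type`, yet nothing in the file says why a vendor tree owns a type for a path outside /data/vendor. If the platform sepolicy this tree builds against ever declares a type of the same name, the build will most likely fail on a duplicate declaration. I would replace the generic `# Data files` heading with something like `# /data/per_boot (zram_swap backing file); local declaration, drop once system/sepolicy provides per_boot_file`, so the next rebase knows to remove it. The `core_data_file_type` attribute looks intended, since only the `kernel` domain is granted access in this commit.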
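Review bot: In sepolicy/vendor/kernel.te, the rule grants `r_file_perms` although the denial quoted in the commit message is only `{ read }`, and the file carries no comment explaining why the kernel domain reads a file under /data. Because the file_contexts entry labels everything under `/data/per_boot` as `per_boot_file`, this grant applies to any file placed in that directory, not just `zram_swap`. If a retest in enforcing mode shows `read` alone is sufficient, `allow kernel per_boot_file:file read;` is the tighter rule. Either way I would precede it with `# Loop device thread (kernel context) reads the backing file /data/per_boot/zram_swap`.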