From 522a8aefcfa28660a4b506ecefee88185ee7403e Mon Sep 17 00:00:00 2001 From: Jack Wu Date: Wed, 10 Mar 2021 12:23:34 +0800 Subject: [PATCH] hal_health_default: Fix avc denials [ 5.146740] type=1400 audit(1611123521.796:23): avc: denied { search } for comm="android.hardwar" name="4-003c" dev="sysfs" ino=56632 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1 [ 5.425436] type=1400 audit(1611123522.076:24): avc: denied { search } for comm="health@2.1-serv" name="4-003c" dev="sysfs" ino=56632 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1 [ 29.943710] type=1400 audit(1611123546.592:483): avc: denied { write } for comm="health@2.1-serv" name="mode" dev="sysfs" ino=14741 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=1 01-20 14:18:41.796 656 656 I android.hardwar: type=1400 audit(0.0:23): avc: denied { search } for name="4-003c" dev="sysfs" ino=56632 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=dir permissive=1 Bug: 177966434 Test: Verify pass by checking device log are w/o above errors after Signed-off-by: Jack Wu Change-Id: I576547e27dceb55fd768de2834e3bb0155857f56 --- tracking_denials/hal_health_default.te | 15 --------------- whitechapel/vendor/google/hal_health_default.te | 7 +++++++ 2 files changed, 7 insertions(+), 15 deletions(-)
diff --git a/tracking_denials/hal_health_default.te b/tracking_denials/hal_health_default.te
index 2ffd7634..e69de29b 100644
--- a/tracking_denials/hal_health_default.te
+++ b/tracking_denials/hal_health_default.te
@@ -1,15 +0,0 @@
-# b/177966434
-dontaudit hal_health_default sysfs_wlc:dir { search };
-# b/181177925
-dontaudit hal_health_default thermal_link_device:dir { search };
-dontaudit hal_health_default sysfs_thermal:file { open };
-dontaudit hal_health_default sysfs_thermal:file { write };
-dontaudit hal_health_default sysfs_thermal:lnk_file { read };
-dontaudit hal_health_default sysfs_thermal:dir { search };
-dontaudit hal_health_default sysfs_thermal:file { write };
-dontaudit hal_health_default sysfs_thermal:file { open };
-dontaudit hal_health_default sysfs_batteryinfo:file { write };
-dontaudit hal_health_default sysfs_thermal:dir { search };
-dontaudit hal_health_default thermal_link_device:dir { search };
-dontaudit hal_health_default sysfs_batteryinfo:file { write };
-dontaudit hal_health_default sysfs_thermal:lnk_file { read };
diff --git a/whitechapel/vendor/google/hal_health_default.te b/whitechapel/vendor/google/hal_health_default.te
index 4bc85f26..a684dcc2 100644
--- a/whitechapel/vendor/google/hal_health_default.te
+++ b/whitechapel/vendor/google/hal_health_default.te
@@ -5,3 +5,10 @@ allow hal_health_default persist_battery_file:dir rw_dir_perms; set_prop(hal_health_default, vendor_battery_defender_prop) r_dir_file(hal_health_default, sysfs_scsi_devices_0000)
+
+allow hal_health_default sysfs_wlc:dir search;
+allow hal_health_default sysfs_batteryinfo:file w_file_perms;
+allow hal_health_default sysfs_thermal:dir search;
+allow hal_health_default sysfs_thermal:file w_file_perms;
+allow hal_health_default sysfs_thermal:lnk_file read;
+allow hal_health_default thermal_link_device:dir search;
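Review bot: `allow hal_health_default sysfs_thermal:file w_file_perms;` gives the health HAL write access to every node labelled sysfs_thermal, while the only write denial quoted in the commit message is for the single file `name="mode"`. If that node is all the HAL needs, consider giving it a dedicated label in genfs_contexts and granting write on that type instead, e.g. `allow hal_health_default <dedicated_thermal_mode_type>:file w_file_perms;` (placeholder type name). The same question applies to `sysfs_batteryinfo:file w_file_perms`, for which the message quotes no denial; these rules replace dontaudit entries tracked under b/181177925 rather than the Bug: listed here, so a comment above each group naming the bug and the node written would help the next policy audit. The quoted denials were all captured with permissive=1, so it is worth confirming on an enforcing build that the granted set is both sufficient and no wider than needed.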