From 59ba0f97aa1d193969f45498a2293d890e65df48 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Wed, 7 Apr 2021 11:56:49 +0800
Subject: [PATCH] grant debugfs access to insmod under userdebug

Bug: 182086611
Test: boot with the error gone
Change-Id: I555c12b4ccbb61266dc289aac577d0240bde4d28
---
 tracking_denials/init-insmod-sh.te          | 4 ----
 whitechapel/vendor/google/init-insmod-sh.te | 4 ++++
 2 files changed, 4 insertions(+), 4 deletions(-)
 delete mode 100644 tracking_denials/init-insmod-sh.te

diff --git a/tracking_denials/init-insmod-sh.te b/tracking_denials/init-insmod-sh.te
deleted file mode 100644
index 9f615fab..00000000
--- a/tracking_denials/init-insmod-sh.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# b/182086611
-dontaudit init-insmod-sh vendor_regmap_debugfs:dir { search };
-dontaudit init-insmod-sh vendor_regmap_debugfs:dir { search };
-dontaudit init-insmod-sh vendor_regmap_debugfs:dir { search };
diff --git a/whitechapel/vendor/google/init-insmod-sh.te b/whitechapel/vendor/google/init-insmod-sh.te
index e8424941..c4d29945 100644
--- a/whitechapel/vendor/google/init-insmod-sh.te
+++ b/whitechapel/vendor/google/init-insmod-sh.te
@@ -8,4 +8,8 @@ allow init-insmod-sh vendor_toolbox_exec:file execute_no_trans;
 
 set_prop(init-insmod-sh, vendor_device_prop)
 
+userdebug_or_eng(`
+  allow init-insmod-sh vendor_regmap_debugfs:dir search;
+')
+
 dontaudit init-insmod-sh proc_cmdline:file r_file_perms;