From 9ddb9bab3d2500edab8cece590c16ade06b81cbc Mon Sep 17 00:00:00 2001 From: Spade Lee Date: Tue, 19 Mar 2024 07:54:01 +0000 Subject: [PATCH] sepolicy: allow kernel to search vendor debugfs audit: type=1400 audit(1710259012.824:4): avc: denied { search } for pid=128 comm="kworker/3:1" name="max77779fg" dev="debugfs" ino=24204 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_maxfg_debugfs:s0 tclass=dir permissive=0 audit: type=1400 audit(1710427790.680:2): avc: denied { search } for pid=10 comm="kworker/u16:1" name="gvotables" dev="debugfs" ino=10582 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_votable_debugfs:s0 tclass=dir permissive=1 audit: type=1400 audit(1710427790.680:3): avc: denied { search } for pid=211 comm="kworker/u16:4" name="google_charger" dev="debugfs" ino=16673 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_charger_debugfs:s0 tclass=dir permissive=1 Bug: 328016570 Bug: 329317898 Test: check all debugfs folders are correctly mounted Change-Id: I13ef8c4d9b0f84a8641cfbe12a7b5cf89a97d3da Signed-off-by: Spade Lee
---
whitechapel/vendor/google/kernel.te | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/whitechapel/vendor/google/kernel.te b/whitechapel/vendor/google/kernel.te
index f1156829..d44eed68 100644
--- a/whitechapel/vendor/google/kernel.te
+++ b/whitechapel/vendor/google/kernel.te
@@ -8,7 +8,11 @@ allow kernel per_boot_file:file r_file_perms; allow kernel self:capability2 perfmon; allow kernel self:perf_event cpu; -dontaudit kernel vendor_battery_debugfs:dir search; -dontaudit kernel vendor_maxfg_debugfs:dir { search }; -dontaudit kernel vendor_votable_debugfs:dir { search }; -dontaudit kernel vendor_usb_debugfs:dir search; +userdebug_or_eng(` + allow kernel vendor_battery_debugfs:dir search; + allow kernel vendor_regmap_debugfs:dir search; + allow kernel vendor_usb_debugfs:dir search; + allow kernel vendor_votable_debugfs:dir search; + allow kernel vendor_charger_debugfs:dir search; + allow kernel vendor_maxfg_debugfs:dir search; +')
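Review bot: The new `userdebug_or_eng` block grants `search` on `vendor_regmap_debugfs`, `vendor_battery_debugfs` and `vendor_usb_debugfs`, but the denials quoted in the commit message only cover `vendor_maxfg_debugfs`, `vendor_votable_debugfs` and `vendor_charger_debugfs`. Each allow on the `kernel` domain should be backed by an observed denial, so the other three should either be justified in the description or dropped. All four `dontaudit` rules are also removed with no user-build counterpart, so if any of these directories is still reachable on a user build the `search` denials will be logged again. If the intent is that debugfs is not mounted on user builds, the block should say so. A comment above the block such as `# kworker threads traverse vendor debugfs dirs on debug builds only (b/328016570, b/329317898)` would record why the kernel domain needs this access.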