From e5cf8beff3cf214b4fbaa5725feeb0e22f9398a5 Mon Sep 17 00:00:00 2001
From: Robert Lee
Date: Thu, 24 Feb 2022 10:32:47 +0800
Subject: [PATCH] Fix selinux error for aocd allow write permission to fix following error auditd : type=1400 audit(0.0:4): avc: denied { write } for comm="aocd" name="aoc" dev="tmpfs" ino=497 scontext=u:r:aocd:s0 tcontext=u:object_r:aoc_device:s0 tclass=chr_file permissive=0
Bug: 198490099
Test: no avc deny when enable no_ap_restart
Change-Id: Ia72ee36137d78f969c28bf22647443cef45d186a
Signed-off-by: Robert Lee
---
 whitechapel/vendor/google/aocd.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/whitechapel/vendor/google/aocd.te b/whitechapel/vendor/google/aocd.te
index 79add165..69b0af0d 100644
--- a/whitechapel/vendor/google/aocd.te
+++ b/whitechapel/vendor/google/aocd.te
@@ -12,7 +12,7 @@ allow aocd sysfs_aoc:dir search;
 allow aocd sysfs_aoc_firmware:file w_file_perms;
 # dev operations
-allow aocd aoc_device:chr_file r_file_perms;
+allow aocd aoc_device:chr_file rw_file_perms;
 # allow inotify to watch for additions/removals from /dev
 allow aocd device:dir r_dir_perms;
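Review bot: The new `rw_file_perms` rule on `aoc_device:chr_file` grants more than the single `write` permission shown in the quoted denial, since the macro pulls in the whole `w_file_perms` set (which in AOSP's global macros also carries `append`, as far as I recall). If `aocd` only needs to write to the node, `allow aocd aoc_device:chr_file { r_file_perms write };` keeps the grant matched to the audited access. The rule would also benefit from a comment saying why a previously read-only daemon now writes to the device, for example `# write is needed when no_ap_restart is enabled (b/198490099)`, so a later policy audit can tell whether the permission is still required. Because the denial was logged with `permissive=0`, it is worth confirming on an enforcing build that no follow-on denial appears once `write` is allowed.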