From 1a57e5c34623e19ddee6d330c1decbc10f168cee Mon Sep 17 00:00:00 2001
From: Randall Huang <huangrandall@google.com>
Date: Mon, 22 Nov 2021 16:51:42 +0800
Subject: [PATCH] Fix selinux for vold idle-maint

Bug: 206741894
Bug: 207062776
Test: adb shell sm idle-maint run
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: Ieb55fe439d3250b6d819381c4bc97e3e895ac23f
---
 tracking_denials/vold.te                      | 2 --
 whitechapel_pro/genfs_contexts                | 1 +
 whitechapel_pro/hal_health_storage_default.te | 3 +++
 whitechapel_pro/vold.te                       | 2 ++
 4 files changed, 6 insertions(+), 2 deletions(-)
 delete mode 100644 tracking_denials/vold.te
 create mode 100644 whitechapel_pro/hal_health_storage_default.te

diff --git a/tracking_denials/vold.te b/tracking_denials/vold.te
deleted file mode 100644
index 82e8385e..00000000
--- a/tracking_denials/vold.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/207062540
-dontaudit vold sysfs_scsi_devices_0000:file { write };
diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts
index 7f1db468..9a3b800b 100644
--- a/whitechapel_pro/genfs_contexts
+++ b/whitechapel_pro/genfs_contexts
@@ -75,6 +75,7 @@ genfscon sysfs /devices/platform/14700000.ufs/hibern8_on_idle_enable    u:object
 genfscon sysfs /devices/platform/14700000.ufs/health_descriptor         u:object_r:sysfs_scsi_devices_0000:s0
 genfscon sysfs /devices/platform/14700000.ufs/host0/target0:0:0/0:0:0:  u:object_r:sysfs_scsi_devices_0000:s0
 genfscon sysfs /devices/platform/14700000.ufs/ufs_stats                 u:object_r:sysfs_scsi_devices_0000:s0
+genfscon sysfs /devices/platform/14700000.ufs/attributes/wb_avail_buf   u:object_r:sysfs_scsi_devices_0000:s0
 
 # debugfs
 genfscon debugfs /f2fs                                                  u:object_r:debugfs_f2fs:s0
diff --git a/whitechapel_pro/hal_health_storage_default.te b/whitechapel_pro/hal_health_storage_default.te
new file mode 100644
index 00000000..2aa0881e
--- /dev/null
+++ b/whitechapel_pro/hal_health_storage_default.te
@@ -0,0 +1,3 @@
+# Access to /sys/devices/platform/14700000.ufs/*
+allow hal_health_storage_default sysfs_scsi_devices_0000:dir r_dir_perms;
+allow hal_health_storage_default sysfs_scsi_devices_0000:file rw_file_perms;
diff --git a/whitechapel_pro/vold.te b/whitechapel_pro/vold.te
index 40da1b01..64ebf996 100644
--- a/whitechapel_pro/vold.te
+++ b/whitechapel_pro/vold.te
@@ -1,3 +1,5 @@
 allow vold modem_efs_file:dir rw_dir_perms;
 allow vold modem_userdata_file:dir rw_dir_perms;
 
+allow vold sysfs_scsi_devices_0000:file rw_file_perms;
+