From af53f729cfc3532af415241f2e3785c72f6bf4f8 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Mon, 15 Nov 2021 13:44:23 +0800
Subject: [PATCH] allow kernel to access firmware and zram

Bug: 205780090
Test: boot with no relevant error log
Change-Id: I272d9babfb0283e46cfc2e65e0bb85323bf8b7a2
---
 tracking_denials/kernel.te | 5 -----
 whitechapel_pro/kernel.te  | 6 ++++++
 2 files changed, 6 insertions(+), 5 deletions(-)
 delete mode 100644 tracking_denials/kernel.te
 create mode 100644 whitechapel_pro/kernel.te

diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te
deleted file mode 100644
index 23a733c6..00000000
--- a/tracking_denials/kernel.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/205780090
-dontaudit kernel per_boot_file:file { read };
-dontaudit kernel vendor_fw_file:dir { search };
-dontaudit kernel vendor_fw_file:file { open };
-dontaudit kernel vendor_fw_file:file { read };
diff --git a/whitechapel_pro/kernel.te b/whitechapel_pro/kernel.te
new file mode 100644
index 00000000..0958ba11
--- /dev/null
+++ b/whitechapel_pro/kernel.te
@@ -0,0 +1,6 @@
+allow kernel vendor_fw_file:dir search;
+allow kernel vendor_fw_file:file r_file_perms;
+
+# ZRam
+allow kernel per_boot_file:file r_file_perms;
+