Allow regmap debugfs for drivers probed by insmod

auditd : type=1400 audit(0.0:731): avc: denied { search } for comm="modprobe" name="regmap" dev="debugfs" ino=2057 scontext=u:r:insmod-sh:s0 tcontext=u:object_r:vendor_regmap_debugfs:s0 tclass=dir permissive=1 bug=b/274727542 vendor_kernel_boot and vendor_dlkm modules probe by insmod need this. Move regmap debugfs from legacy/whitechapel_pro/ to vendor/. Bug: 274727542 Bug: 289012421 Test: ls -d /sys/kernel/debug/regmap/*-0043 Change-Id: I2bd35a6bc942536505f62d4122f0de892f243802
2023-09-12 15:34:16 +08:00 · 2023-09-12 15:34:16 +08:00 · 1a65e5d5e4
commit 1a65e5d5e4
parent 4bb847b815
6 changed files with 3 additions and 7 deletions
--- a/legacy/whitechapel_pro/file.te
+++ b/legacy/whitechapel_pro/file.te
@ -12,9 +12,6 @@ type sysfs_bcmdhd, sysfs_type, fs_type;
 type sysfs_chargelevel, sysfs_type, fs_type;
 type sysfs_camera, sysfs_type, fs_type;

-# debugfs
-type vendor_regmap_debugfs, fs_type, debugfs_type;
-
 # persist
 type persist_ss_file, file_type, vendor_persist_type;

--- a/legacy/whitechapel_pro/genfs_contexts
+++ b/legacy/whitechapel_pro/genfs_contexts
@ -30,9 +30,6 @@ genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count
 genfscon proc /fs/f2fs                                                  u:object_r:proc_f2fs:s0
 genfscon proc /sys/vm/swappiness                                        u:object_r:proc_dirty:s0

-# debugfs
-genfscon debugfs /regmap                                                u:object_r:vendor_regmap_debugfs:s0
-
 # Haptics
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@ -4,7 +4,6 @@ hal_uwb_default debugfs file b/288049522
 incidentd debugfs_wakeup_sources file b/288049561
 incidentd incidentd anon_inode b/288049561
 insmod-sh insmod-sh key b/274374722
-insmod-sh vendor_regmap_debugfs dir b/274727542
 mtectrl unlabeled dir b/264483752
 systemui_app wm_trace_data_file dir b/288049075
 vendor_init proc file b/289856761
--- a/vendor/file.te
+++ b/vendor/file.te
@ -29,6 +29,7 @@ type vendor_battery_debugfs, fs_type, debugfs_type;
 type vendor_pm_genpd_debugfs, fs_type, debugfs_type;
 type vendor_usb_debugfs, fs_type, debugfs_type;
 type vendor_maxfg_debugfs, fs_type, debugfs_type;
+type vendor_regmap_debugfs, fs_type, debugfs_type;

 # WLC
 type sysfs_wlc, sysfs_type, fs_type;
--- a/vendor/genfs_contexts
+++ b/vendor/genfs_contexts
@ -35,6 +35,7 @@ genfscon debugfs /google_battery                                        u:object
 genfscon debugfs /pm_genpd/pm_genpd_summary                             u:object_r:vendor_pm_genpd_debugfs:s0
 genfscon debugfs /usb                                                   u:object_r:vendor_usb_debugfs:s0
 genfscon debugfs /maxfg                                                 u:object_r:vendor_maxfg_debugfs:s0
+genfscon debugfs /regmap                                                u:object_r:vendor_regmap_debugfs:s0

 # Extcon
 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0   u:object_r:sysfs_extcon:s0
--- a/vendor/insmod-sh.te
+++ b/vendor/insmod-sh.te
@ -1,2 +1,3 @@
 allow insmod-sh self:capability sys_nice;
 allow insmod-sh kernel:process setsched;
+allow insmod-sh vendor_regmap_debugfs:dir search;