From 4ea1dcff3abf5672d2b9f904731f873a12c9c5de Mon Sep 17 00:00:00 2001
From: Wilson Sung <wilsonsung@google.com>
Date: Wed, 15 Feb 2023 15:52:01 +0800
Subject: [PATCH] Fix zram avc denied

Bug: 260522041
Bug: 264490055
Test: boot to home and avc errors gone
Change-Id: I37532bb66c8f00f4307187e12bdab811c007b614
---
 tracking_denials/toolbox.te | 18 ------------------
 vendor/toolbox.te           |  3 +++
 2 files changed, 3 insertions(+), 18 deletions(-)
 delete mode 100644 tracking_denials/toolbox.te
 create mode 100644 vendor/toolbox.te

diff --git a/tracking_denials/toolbox.te b/tracking_denials/toolbox.te
deleted file mode 100644
index d32f68aa..00000000
--- a/tracking_denials/toolbox.te
+++ /dev/null
@@ -1,18 +0,0 @@
-# b/260522041
-dontaudit toolbox per_boot_file:dir { getattr };
-dontaudit toolbox per_boot_file:dir { open };
-dontaudit toolbox per_boot_file:dir { read };
-dontaudit toolbox per_boot_file:dir { remove_name };
-dontaudit toolbox per_boot_file:dir { rmdir };
-dontaudit toolbox per_boot_file:dir { search };
-dontaudit toolbox per_boot_file:dir { write };
-dontaudit toolbox per_boot_file:file { getattr };
-dontaudit toolbox per_boot_file:file { unlink };
-dontaudit toolbox ram_device:blk_file { getattr };
-dontaudit toolbox ram_device:blk_file { ioctl };
-dontaudit toolbox ram_device:blk_file { open };
-dontaudit toolbox ram_device:blk_file { read write };
-# b/264490055
-userdebug_or_eng(`
-  permissive toolbox;
-')
\ No newline at end of file
diff --git a/vendor/toolbox.te b/vendor/toolbox.te
new file mode 100644
index 00000000..9fbbb7ab
--- /dev/null
+++ b/vendor/toolbox.te
@@ -0,0 +1,3 @@
+allow toolbox ram_device:blk_file rw_file_perms;
+allow toolbox per_boot_file:dir create_dir_perms;
+allow toolbox per_boot_file:file create_file_perms;