sepolicy: allow kernel to search vendor debugfs

audit: type=1400 audit(1710259012.824:4): avc:  denied  { search } for  pid=128 comm="kworker/3:1" name="max77779fg" dev="debugfs" ino=24204 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_maxfg_debugfs:s0 tclass=dir permissive=0
audit: type=1400 audit(1710427790.680:2): avc:  denied  { search } for  pid=10 comm="kworker/u16:1" name="gvotables" dev="debugfs" ino=10582 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_votable_debugfs:s0 tclass=dir permissive=1
audit: type=1400 audit(1710427790.680:3): avc:  denied  { search } for  pid=211 comm="kworker/u16:4" name="google_charger" dev="debugfs" ino=16673 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_charger_debugfs:s0 tclass=dir permissive=1

Bug: 328016570
Bug: 329317898
Test: check all debugfs folders are correctly mounted
Change-Id: I0e0c2fee4d508cc4e76714df0efbe5eca7ca5966
Signed-off-by: Spade Lee <spadelee@google.com>

vendor/kernel.te

@@ -8,19 +8,16 @@ allow kernel per_boot_file:file r_file_perms;
 allow kernel self:capability2 perfmon;
 allow kernel self:perf_event cpu;
 
-no_debugfs_restriction(`
+userdebug_or_eng(`
   allow kernel vendor_battery_debugfs:dir search;
+  allow kernel vendor_regmap_debugfs:dir search;
+  allow kernel vendor_usb_debugfs:dir search;
+  allow kernel vendor_votable_debugfs:dir search;
+  allow kernel vendor_charger_debugfs:dir search;
+  allow kernel vendor_maxfg_debugfs:dir search;
 ')
 
-dontaudit kernel vendor_maxfg_debugfs:dir search;
 dontaudit kernel sepolicy_file:file getattr;
 dontaudit kernel system_bootstrap_lib_file:dir getattr;
 dontaudit kernel system_bootstrap_lib_file:file getattr;
 dontaudit kernel system_dlkm_file:dir getattr;
-dontaudit kernel vendor_battery_debugfs:dir search;
-dontaudit kernel vendor_charger_debugfs:dir search;
-dontaudit kernel vendor_votable_debugfs:dir search;
-dontaudit kernel vendor_usb_debugfs:dir search;
-
-allow kernel vendor_regmap_debugfs:dir search;
-