dontaudit kernel search allow debugfs

Bug: 261650972 Change-Id: I39b0feb01c592c7beb30d7aa1610c39a75bb3481
2023-02-08 13:10:57 +08:00 · 2023-02-08 13:10:57 +08:00 · ac3c24c4f2
commit ac3c24c4f2
parent 856d2c480e
2 changed files with 4 additions and 2 deletions
--- a/tracking_denials/kernel.te
+++ b/tracking_denials/kernel.te
@ -2,8 +2,6 @@
 dontaudit kernel same_process_hal_file:file { open };
 dontaudit kernel same_process_hal_file:file { read };
 dontaudit kernel vendor_regmap_debugfs:dir { search };
-# b/261650972
-dontaudit kernel vendor_battery_debugfs:dir { search };
 # b/261933155
 dontaudit kernel vendor_fw_file:file { getattr };
 # b/262794429
--- a/vendor/kernel.te
+++ b/vendor/kernel.te
@ -3,3 +3,7 @@ allow kernel vendor_fw_file:file r_file_perms;

 # ZRam
 allow kernel per_boot_file:file r_file_perms;
+
+no_debugfs_restriction(`
+  allow kernel vendor_battery_debugfs:dir search;
+')