From ac3c24c4f2976b73209e31be0b9cb2db2baf5187 Mon Sep 17 00:00:00 2001
From: Wilson Sung <wilsonsung@google.com>
Date: Wed, 8 Feb 2023 13:10:57 +0800
Subject: [PATCH] dontaudit kernel search allow debugfs

Bug: 261650972
Change-Id: I39b0feb01c592c7beb30d7aa1610c39a75bb3481
---
 tracking_denials/kernel.te | 2 --
 vendor/kernel.te           | 4 ++++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te
index 315f001c..6c727b26 100644
--- a/tracking_denials/kernel.te
+++ b/tracking_denials/kernel.te
@@ -2,8 +2,6 @@
 dontaudit kernel same_process_hal_file:file { open };
 dontaudit kernel same_process_hal_file:file { read };
 dontaudit kernel vendor_regmap_debugfs:dir { search };
-# b/261650972
-dontaudit kernel vendor_battery_debugfs:dir { search };
 # b/261933155
 dontaudit kernel vendor_fw_file:file { getattr };
 # b/262794429
diff --git a/vendor/kernel.te b/vendor/kernel.te
index cab39fb5..2456a650 100644
--- a/vendor/kernel.te
+++ b/vendor/kernel.te
@@ -3,3 +3,7 @@ allow kernel vendor_fw_file:file r_file_perms;
 
 # ZRam
 allow kernel per_boot_file:file r_file_perms;
+
+no_debugfs_restriction(`
+  allow kernel vendor_battery_debugfs:dir search;
+')