Merge "sepolicy: allow kernel to search vendor debugfs" into main

tracking_denials/genfs_contexts

@@ -27,16 +27,7 @@ genfscon sysfs /devices/platform/2bf40000.etm    u:object_r:sysfs_devices_cs_etm
 genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq               u:object_r:sysfs_devfreq_cur:s0
 
 # debugfs
-genfscon debugfs /google_charger                                        u:object_r:vendor_charger_debugfs:s0
-genfscon debugfs /max77729_pmic                                         u:object_r:vendor_charger_debugfs:s0
-genfscon debugfs /max77759_chg                                          u:object_r:vendor_charger_debugfs:s0
-genfscon debugfs /max77779_chg                                          u:object_r:vendor_charger_debugfs:s0
-genfscon debugfs /max77779_pmic                                         u:object_r:vendor_charger_debugfs:s0
-genfscon debugfs /gvotables                                             u:object_r:vendor_votable_debugfs:s0
-genfscon debugfs /google_battery                                        u:object_r:vendor_battery_debugfs:s0
 genfscon debugfs /pm_genpd/pm_genpd_summary                             u:object_r:vendor_pm_genpd_debugfs:s0
-genfscon debugfs /maxfg                                                 u:object_r:vendor_maxfg_debugfs:s0
-genfscon debugfs /max77779fg                                            u:object_r:vendor_maxfg_debugfs:s0
 
 # Storage
 genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable    u:object_r:sysfs_scsi_devices_0000:s0

vendor/genfs_contexts

@@ -37,6 +37,17 @@ genfscon sysfs /class/power_supply/wireless/device/fw_rev
 # debugfs
 genfscon debugfs /regmap                                                u:object_r:vendor_regmap_debugfs:s0
 genfscon debugfs /usb                                                   u:object_r:vendor_usb_debugfs:s0
+genfscon debugfs /google_charger                                        u:object_r:vendor_charger_debugfs:s0
+genfscon debugfs /max77729_pmic                                         u:object_r:vendor_charger_debugfs:s0
+genfscon debugfs /max77759_chg                                          u:object_r:vendor_charger_debugfs:s0
+genfscon debugfs /max77779_chg                                          u:object_r:vendor_charger_debugfs:s0
+genfscon debugfs /max77779_pmic                                         u:object_r:vendor_charger_debugfs:s0
+genfscon debugfs /gvotables                                             u:object_r:vendor_votable_debugfs:s0
+genfscon debugfs /google_battery                                        u:object_r:vendor_battery_debugfs:s0
+genfscon debugfs /maxfg                                                 u:object_r:vendor_maxfg_debugfs:s0
+genfscon debugfs /max77779fg                                            u:object_r:vendor_maxfg_debugfs:s0
+genfscon debugfs /maxfg_base                                            u:object_r:vendor_maxfg_debugfs:s0
+genfscon debugfs /maxfg_secondary                                       u:object_r:vendor_maxfg_debugfs:s0
 
 # GPU
 genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq              u:object_r:sysfs_gpu:s0

vendor/kernel.te

@@ -8,12 +8,14 @@ allow kernel per_boot_file:file r_file_perms;
 allow kernel self:capability2 perfmon;
 allow kernel self:perf_event cpu;
 
-no_debugfs_restriction(`
+userdebug_or_eng(`
   allow kernel vendor_battery_debugfs:dir search;
+  allow kernel vendor_regmap_debugfs:dir search;
+  allow kernel vendor_usb_debugfs:dir search;
+  allow kernel vendor_votable_debugfs:dir search;
+  allow kernel vendor_charger_debugfs:dir search;
+  allow kernel vendor_maxfg_debugfs:dir search;
 ')
 
-allow kernel vendor_regmap_debugfs:dir search;
 
-dontaudit kernel vendor_usb_debugfs:dir search;
-dontaudit kernel vendor_votable_debugfs:dir search;
-dontaudit kernel vendor_charger_debugfs:dir search;
+