Add configfs file permissions to init. These were previously in device specific sepolicies. They should be in core sepolicy to reflect their use by a core init file, init.usb.configfs.rc. Addresses denial: init : type=1400 audit(0.0:135): avc: denied { unlink } for name="f1" dev="configfs" ino=10923 scontext=u:r:init:s0 tcontext=u:object_r:configfs:s0 tclass=lnk_file permissive=0 Test: denial addressed Change-Id: I869892f9d0c311b727462fb380f4160feb986215

commit: f3b5bd64155aee7b13d97d08e77b317b4ebe6328 [log] [tgz]
author: Jerry Zhang <zhangjerry@google.com> Wed Apr 12 16:50:25 2017 -0700
committer: Jerry Zhang <zhangjerry@google.com> Thu Apr 13 17:37:36 2017 +0000
tree: f169244028ab5e14c8916d53cdfcb5f859fbc561
parent: 20fe64e73d9eb7c8ba266bbe9ada85070b03ad47 [diff]
diff --git a/public/init.te b/public/init.te
index b36a002..f81f85e 100644
--- a/public/init.te
+++ b/public/init.te

@@ -85,6 +85,7 @@
 # /config
 allow init configfs:dir mounton;
 allow init configfs:dir create_dir_perms;
+allow init configfs:{ file lnk_file } create_file_perms;
 
 # Use tmpfs as /data, used for booting when /data is encrypted
 allow init tmpfs:dir relabelfrom;
commit	f3b5bd64155aee7b13d97d08e77b317b4ebe6328	[log] [tgz]
author	Jerry Zhang <zhangjerry@google.com>	Wed Apr 12 16:50:25 2017 -0700
committer	Jerry Zhang <zhangjerry@google.com>	Thu Apr 13 17:37:36 2017 +0000
tree	f169244028ab5e14c8916d53cdfcb5f859fbc561
parent	20fe64e73d9eb7c8ba266bbe9ada85070b03ad47 [diff]