commit de1dad0ab271324c739d1466b198ef212fb2c674
author Roman Kiryanov <rkir@google.com> Fri Feb 21 08:49:33 2020 -0800
committer Roman Kiryanov <rkir@google.com> Tue Feb 25 09:59:19 2020 -0800
tree e692824588d96d199a40bab2dbbd59d190614965
parent e7378f4a1da198b1517516e281c67f437fbbb194

Update goldfish sepolicy for 5.4 kernel

* on 5.4 kernel our wifi needs nlmsg_readpriv
* added power hal sepolicy to enable device access
* added bug map entry to track gsid dac_read_search

Bug: 147493341
Test: presubmit
Merged-In: Ib5af7b14a08fa742bc087c466b04e4fd961eea0d
Signed-off-by: Roman Kiryanov <rkir@google.com>
Change-Id: I411eb61c5fd3078a0d776e21dcb443c5bd3e933f

sepolicy/common/bug_map

diff --git a/sepolicy/common/bug_map b/sepolicy/common/bug_map
index 049891e..2174a4d 100644
--- a/sepolicy/common/bug_map
+++ b/sepolicy/common/bug_map
@@ -1,3 +1,4 @@
+gsid gsid capability b/146356992
 hal_wifi_default default_prop file b/131598173
 hal_wifi_default vendor_default_prop property_service b/131598173
 init unlabeled dir b/131596633

sepolicy/common/file.te

diff --git a/sepolicy/common/file.te b/sepolicy/common/file.te
index c106a98..6df2ef4 100644
--- a/sepolicy/common/file.te
+++ b/sepolicy/common/file.te
@@ -1,3 +1,4 @@
+type sysfs_iio_devices, fs_type, sysfs_type;
 type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_virtio_block, sysfs_type, fs_type;
 type varrun_file, file_type, data_file_type, mlstrustedobject;

sepolicy/common/genfs_contexts

diff --git a/sepolicy/common/genfs_contexts b/sepolicy/common/genfs_contexts
index a169cac..d807a70 100644
--- a/sepolicy/common/genfs_contexts
+++ b/sepolicy/common/genfs_contexts
@@ -77,5 +77,7 @@
 genfscon sysfs /devices/pnp0/00:00/wakeup/wakeup                                   u:object_r:sysfs_wakeup:s0
 genfscon sysfs /devices/virtual/wakeup/wakeup                                      u:object_r:sysfs_wakeup:s0
 
+genfscon sysfs /bus/iio/devices                                                    u:object_r:sysfs_iio_devices:s0
+
 # /proc/<pid>/ns
 genfscon nsfs / u:object_r:nsfs:s0

sepolicy/common/hal_power_stats_default.te

diff --git a/sepolicy/common/hal_power_stats_default.te b/sepolicy/common/hal_power_stats_default.te
new file mode 100644
index 0000000..35c9275
--- /dev/null
+++ b/sepolicy/common/hal_power_stats_default.te
@@ -0,0 +1 @@
+r_dir_file(hal_power_stats_default, sysfs_iio_devices) # Needed to traverse nonexistent iio devices tree

sepolicy/common/hal_wifi_default.te

diff --git a/sepolicy/common/hal_wifi_default.te b/sepolicy/common/hal_wifi_default.te
index de4b996..cb07766 100644
--- a/sepolicy/common/hal_wifi_default.te
+++ b/sepolicy/common/hal_wifi_default.te
@@ -1 +1,2 @@
-allow hal_wifi_default hal_wifi_default:netlink_route_socket { create bind write read nlmsg_read };
+allow hal_wifi_default hal_wifi_default:netlink_route_socket {
+    create bind write read nlmsg_read nlmsg_readpriv };