display: dontaudit various domains for read/search sysfs_msm_subsys Graphics drivers gfx promo #0415 adds dependency on gpu_model sysfs node. This needs various domains to have sepolicy to read and search the sysfs node. Dontaudit these domains for read/search into sysfs_msm_subsys Bug: 140869429 Test: device logs does not throw selinux denials, pass pre-submit checks Change-Id: I6c152d0b56f1f940de5217b117df538d8dd5b233

commit: 6f25c068a4bb95b2a11dc1a2310197d1a9e12d81 [log] [tgz]
author: Siddharth Kapoor <ksiddharth@google.com> Tue Oct 22 21:00:55 2019 +0800
committer: Siddharth Kapoor <ksiddharth@google.com> Wed Oct 30 17:59:27 2019 +0800
tree: 0709d676d9f309a13b6addaee4f35f012ce2e423
parent: 529fa215dac712f427fafbbe2245abb35bdf7235 [diff]
diff --git a/vendor/qcom/common/app.te b/vendor/qcom/common/app.te
index 567c115..163e0fd 100644
--- a/vendor/qcom/common/app.te
+++ b/vendor/qcom/common/app.te

@@ -2,3 +2,6 @@
 get_prop(appdomain, vendor_camera_prop)
 
 get_prop(appdomain, vendor_display_prop)
+
+dontaudit appdomain sysfs_msm_subsys:dir search;
+dontaudit appdomain sysfs_msm_subsys:file r_file_perms;

diff --git a/vendor/qcom/common/bootanim.te b/vendor/qcom/common/bootanim.te
index 0125ef0..913a70b 100644
--- a/vendor/qcom/common/bootanim.te
+++ b/vendor/qcom/common/bootanim.te

@@ -10,3 +10,6 @@
 dontaudit bootanim kernel:system module_request;
 
 get_prop(bootanim, vendor_display_prop)
+
+dontaudit bootanim sysfs_msm_subsys:dir search;
+dontaudit bootanim sysfs_msm_subsys:file r_file_perms;

diff --git a/vendor/qcom/common/hal_graphics_allocator_default.te b/vendor/qcom/common/hal_graphics_allocator_default.te
index 646fc81..97dfb5c 100644
--- a/vendor/qcom/common/hal_graphics_allocator_default.te
+++ b/vendor/qcom/common/hal_graphics_allocator_default.te

@@ -1,2 +1,4 @@
 dontaudit hal_graphics_allocator_default vendor_display_prop:file r_file_perms;
 
+dontaudit hal_graphics_allocator_default sysfs_msm_subsys:dir search;
+dontaudit hal_graphics_allocator_default sysfs_msm_subsys:file r_file_perms;

diff --git a/vendor/qcom/common/surfaceflinger.te b/vendor/qcom/common/surfaceflinger.te
index 79c6a9d..f77b604 100644
--- a/vendor/qcom/common/surfaceflinger.te
+++ b/vendor/qcom/common/surfaceflinger.te

@@ -3,3 +3,6 @@
 dontaudit surfaceflinger vendor_default_prop:file read;
 userdebug_or_eng(`get_prop(surfaceflinger, vendor_display_prop)')
 allow surfaceflinger debugfs_ion:dir search;
+
+dontaudit surfaceflinger sysfs_msm_subsys:dir search;
+dontaudit surfaceflinger sysfs_msm_subsys:file r_file_perms;

diff --git a/vendor/qcom/common/system_server.te b/vendor/qcom/common/system_server.te
index 16c0c92..1a0c2e2 100644
--- a/vendor/qcom/common/system_server.te
+++ b/vendor/qcom/common/system_server.te

@@ -12,3 +12,6 @@
 dontaudit system_server self:capability sys_module;
 
 dontaudit system_server vendor_display_prop:file r_file_perms;
+
+dontaudit system_server sysfs_msm_subsys:dir search;
+dontaudit system_server sysfs_msm_subsys:file r_file_perms;
commit	6f25c068a4bb95b2a11dc1a2310197d1a9e12d81	[log] [tgz]
author	Siddharth Kapoor <ksiddharth@google.com>	Tue Oct 22 21:00:55 2019 +0800
committer	Siddharth Kapoor <ksiddharth@google.com>	Wed Oct 30 17:59:27 2019 +0800
tree	0709d676d9f309a13b6addaee4f35f012ce2e423
parent	529fa215dac712f427fafbbe2245abb35bdf7235 [diff]