Google Git
Sign in
android / device / google / wahoo / 5f7e132^! / .
commit5f7e1326350e6decd31a79502a92e66b964e7601[log] [tgz]
authorJoel Galenson <jgalenson@google.com>Mon Mar 05 17:50:45 2018 -0800
committerJoel Galenson <jgalenson@google.com>Thu Mar 08 15:33:45 2018 -0800
tree6fd7e31bf644cbc3c1319ffca59e30043964a146
parentda8c69cd714d911c8a2de37b2d7723ad1b3c5d2b [diff]
Remove regex and label the whole directory.

This is cleaner, as it allows us to remove a regex and label the
entire directory, and it will hopefully improve performance.

Bug: 74209458
Bug: 74366296
Test: Boot device, verify file labels, and test wifi and camera.
Test: Locally flashed OTA by following go/manual-ab-ota.
Test: Locally tested updated_verifier by following b/74366296#comment8.
Merged-In: I003dc949cf109cc63d75cee9515ef72cb9d0f055
Change-Id: I85f07b2fc8bfb472f25a66e32d3c7d746886535e
(cherry picked from commit 8a70f7ef1d1805a8f79486c10280407354f1230b)

diff --git a/sepolicy/vendor/dumpstate.te b/sepolicy/vendor/dumpstate.te
index ad385db..e2bdda4 100644
--- a/sepolicy/vendor/dumpstate.te
+++ b/sepolicy/vendor/dumpstate.te

@@ -16,5 +16,5 @@
 # For collecting bugreports.
 allow dumpstate sysfs_scsi_devices_0000:file r_file_perms;
 allow dumpstate sysfs_scsi_devices_other:file r_file_perms;
-allow dumpstate sysfs_devices_block_stat:file r_file_perms;
+allow dumpstate sysfs_devices_block:file r_file_perms;
 dontaudit dumpstate kernel:system module_request;

diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index dd2feef..024dcb3 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te

@@ -12,7 +12,7 @@
 type sysfs_soc, sysfs_type, fs_type;
 type sysfs_scsi_devices_0000, sysfs_type, fs_type;
 type sysfs_scsi_devices_other, sysfs_type, fs_type;
-type sysfs_devices_block_stat, sysfs_type, fs_type;
+type sysfs_devices_block, sysfs_type, fs_type;
 type sysfs_timestamp_switch, sysfs_type, fs_type;
 type sysfs_touch, sysfs_type, fs_type;
 type sysfs_usb_c, sysfs_type, fs_type;

diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 2593a66..e213942 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts

@@ -285,5 +285,3 @@
 
 /metadata                 u:object_r:rootfs:s0
 /metadata/.*              u:object_r:vold_data_file:s0
-
-/sys/devices/virtual/block/.*/stat u:object_r:sysfs_devices_block_stat:s0

diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index 7f05483..fa5a27c 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts

@@ -77,6 +77,7 @@
 genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qcom,usb-pdphy@1700/usbpd0/typec     u:object_r:sysfs_usb_c:s0
 genfscon sysfs /module/diagchar                                         u:object_r:sysfs_diag:s0
 genfscon sysfs /kernel/irq_helper/irq_blacklist_on                      u:object_r:sysfs_irq:s0
+genfscon sysfs /devices/virtual/block/                                  u:object_r:sysfs_devices_block:s0
 
 genfscon debugfs /kgsl/proc                           u:object_r:debugfs_kgsl:s0
 genfscon debugfs /clk/debug_suspend                   u:object_r:debugfs_clk:s0

diff --git a/sepolicy/vendor/vold.te b/sepolicy/vendor/vold.te
index be4eff3..43647df 100644
--- a/sepolicy/vendor/vold.te
+++ b/sepolicy/vendor/vold.te

@@ -2,6 +2,7 @@
 
 allow vold sysfs_scsi_devices_0000:file write;
 allow vold sysfs_scsi_devices_other:file write;
+allow vold sysfs_devices_block:file write;
 
 allow vold persist_file:dir r_dir_perms;