Fix surfaceflinger SELinux denial.
Allow surfaceflinger to write to files in
/sys/devices/virtual/graphics/fb1
This addresses the following denial:
5.319406 type=1400 audit(10944353.380:8): avc: denied { write } for pid=184 comm="surfaceflinger" name="vendor_name" dev="sysfs" ino=10944 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs:s0 tclass=file
Change-Id: I0f70af5d523a1d8ef7a9b93de50aca7b6a946236
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 5f3f6d3..7f8a127 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -120,8 +120,7 @@
/sys/module/pm_8x60/modes(/.*)? u:object_r:sysfs_mpdecision:s0
# Sysfs files used by surfaceflinger
-/sys/devices/virtual/graphics/fb1/format_3d -- u:object_r:sysfs_surfaceflinger:s0
-/sys/devices/virtual/graphics/fb1/hpd -- u:object_r:sysfs_surfaceflinger:s0
+/sys/devices/virtual/graphics/fb1(/.*)? -- u:object_r:sysfs_surfaceflinger:s0
# Sysfs files used by qmuxd
/sys/devices/virtual/smdpkt/smdcntl([0-9])+/open_timeout u:object_r:sysfs_smdcntl_open_timeout:s0
diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te
index ca386db..53836e7 100644
--- a/sepolicy/ueventd.te
+++ b/sepolicy/ueventd.te
@@ -1,3 +1,6 @@
allow ueventd { firmware_file wifi_data_file }:dir r_dir_perms;
allow ueventd { firmware_file wifi_data_file }:file r_file_perms;
allow ueventd sysfs_smdcntl_open_timeout:file setattr;
+
+# For /sys/devices/virtual/graphics/fb1/uevent
+allow ueventd sysfs_surfaceflinger:file rw_file_perms;