From cc78670fedf01f2406706959092e5d6908200918 Mon Sep 17 00:00:00 2001 From: Ondrej Hlavac Date: Sun, 12 Mar 2017 13:38:57 +0100 Subject: [PATCH 1/2] sepolicy: adress thermal engine denial [ 8.023939] type=1400 audit(24063124.567:6): avc: denied { open } for pid=708 comm="thermal-engine" path="/sys/devices/soc/6a00000.ssusb/power_supply/usb/type" dev="sysfs" ino=39804 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_usb_supply:s0 tclass=file permissive=0 --- sepolicy/thermal-engine.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te index 2797e38..2e659b9 100644 --- a/sepolicy/thermal-engine.te +++ b/sepolicy/thermal-engine.te @@ -4,4 +4,4 @@ allow thermal-engine sysfs_kgsl:file r_file_perms; allow thermal-engine system_data_file:dir w_dir_perms; allow thermal-engine thermal_data_file:file create_file_perms; allow thermal-engine sysfs_usb_supply:dir search; -allow thermal-engine sysfs_usb_supply:file read; +allow thermal-engine sysfs_usb_supply:file { read open }; From 7857c4eadd5bb2651e7f1110b6148fac9186175a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20Brey?= Date: Sun, 12 Mar 2017 22:40:37 +0100 Subject: [PATCH 2/2] Update thermal-engine.te Use r_file_perms instead --- sepolicy/thermal-engine.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te index 2e659b9..a101e5f 100644 --- a/sepolicy/thermal-engine.te +++ b/sepolicy/thermal-engine.te @@ -4,4 +4,4 @@ allow thermal-engine sysfs_kgsl:file r_file_perms; allow thermal-engine system_data_file:dir w_dir_perms; allow thermal-engine thermal_data_file:file create_file_perms; allow thermal-engine sysfs_usb_supply:dir search; -allow thermal-engine sysfs_usb_supply:file { read open }; +allow thermal-engine sysfs_usb_supply:file r_file_perms;