Label all files under /sys/qemu_trace with sysfs_writable. Otherwise we have different security contexts but the same DAC permissions: -rw-rw-rw- root root u:object_r:sysfs_writable:s0 process_name -rw-rw-rw- root root u:object_r:sysfs:s0 state -rw-rw-rw- root root u:object_r:sysfs:s0 symbol This change fixes denials such as: type=1400 msg=audit(1379096020.770:144): avc: denied { write } for pid=85 comm="SurfaceFlinger" name="symbol" dev="sysfs" ino=47 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:sysfs:s0 tclass=file Change-Id: I261c7751da3778ee9241ec6b5476e8d9f96ba5ed Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: 0f7641d83d7044431db44d4dd2377e6f8ef93e85 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Fri May 03 13:56:30 2013 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> Fri Sep 13 14:24:24 2013 -0400
tree: dfd4e998ceee4d41177c09184a0b711ace4850c8
parent: a24a991dd59fe03cdc681aadcb6bbca1ffac9b7b [diff]
diff --git a/file_contexts b/file_contexts
index 81b9da9..a70ab83 100644
--- a/file_contexts
+++ b/file_contexts

@@ -208,7 +208,7 @@
 #############################
 # sysfs files
 #
-/sys/qemu_trace/process_name	--	u:object_r:sysfs_writable:s0
+/sys/qemu_trace(/.*)?	--	u:object_r:sysfs_writable:s0
 /sys/devices/platform/nfc-power/nfc_power -- u:object_r:sysfs_nfc_power_writable:s0
 /sys/class/rfkill/rfkill[0-9]*/state -- u:object_r:sysfs_bluetooth_writable:s0
 /sys/class/rfkill/rfkill[0-9]*/type -- u:object_r:sysfs_bluetooth_writable:s0
commit	0f7641d83d7044431db44d4dd2377e6f8ef93e85	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Fri May 03 13:56:30 2013 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Fri Sep 13 14:24:24 2013 -0400
tree	dfd4e998ceee4d41177c09184a0b711ace4850c8
parent	a24a991dd59fe03cdc681aadcb6bbca1ffac9b7b [diff]