Revert "Revert "Add neverallows for debugfs access"" This reverts commit e95e0ec0a5f2f6fdf362d14b7960850a05e790b5. Now that b/186727553 is fixed, it should be safe to revert this revert. Test: build Bug: 184381659 Change-Id: Ibea3882296db880f5cafe4f9efa36d79a183c8a1

commit: 23f9f51fcdfe85d1c5cdafedd08e0bf958094520 [log] [tgz]
author: Hridya Valsaraju <hridya@google.com> Tue May 04 22:01:51 2021 -0700
committer: Hridya Valsaraju <hridya@google.com> Tue May 04 22:06:46 2021 -0700
tree: 996494dac4d4af27628b263f2f31caa64d7b8e6c
parent: 6c03124c3c76df773240c6b7d0f2c2f0dc8a3ef5 [diff] [blame]
diff --git a/private/storaged.te b/private/storaged.te
index b7d4ae9..bb39e5b 100644
--- a/private/storaged.te
+++ b/private/storaged.te

@@ -18,10 +18,12 @@
 allow storaged storaged_data_file:dir rw_dir_perms;
 allow storaged storaged_data_file:file create_file_perms;
 
-userdebug_or_eng(`
-  # Read access to debugfs
-  allow storaged debugfs_mmc:dir search;
-  allow storaged debugfs_mmc:file r_file_perms;
+no_debugfs_restriction(`
+  userdebug_or_eng(`
+    # Read access to debugfs
+    allow storaged debugfs_mmc:dir search;
+    allow storaged debugfs_mmc:file r_file_perms;
+  ')
 ')
 
 # Needed to provide debug dump output via dumpsys pipes.
commit	23f9f51fcdfe85d1c5cdafedd08e0bf958094520	[log] [tgz]
author	Hridya Valsaraju <hridya@google.com>	Tue May 04 22:01:51 2021 -0700
committer	Hridya Valsaraju <hridya@google.com>	Tue May 04 22:06:46 2021 -0700
tree	996494dac4d4af27628b263f2f31caa64d7b8e6c
parent	6c03124c3c76df773240c6b7d0f2c2f0dc8a3ef5 [diff] [blame]