commit 423d14bfa157014e5c1c58580eef4b00d09c4228
author Tri Vo <trong@google.com> Fri Dec 01 22:31:01 2017 +0000
committer Tri Vo <trong@google.com> Fri Dec 01 22:31:01 2017 +0000
tree 3ad59335b6ae833dfd4e6631f65a9d9aad41090a
parent c2241a8d160fbac020b1c3a743bdc867743378eb

Revert "init: remove open, read, write access to 'sysfs' type."

This reverts commit c2241a8d160fbac020b1c3a743bdc867743378eb.

Reason for revert: build breakage b/70040773

Change-Id: I6af098ae20c4771a1070800d02c98e5783999a39

private/genfs_contexts

diff --git a/private/genfs_contexts b/private/genfs_contexts
index dbff467..b76b145 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -101,7 +101,6 @@
 genfscon sysfs /devices/virtual/switch          u:object_r:sysfs_switch:s0
 genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
 genfscon sysfs /fs/ext4/features                  u:object_r:sysfs_fs_ext4_features:s0
-genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
 genfscon sysfs /power/state u:object_r:sysfs_power:s0
 genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
 genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0

public/init.te

diff --git a/public/init.te b/public/init.te
index 62a6e04..11953a4 100644
--- a/public/init.te
+++ b/public/init.te
@@ -211,7 +211,6 @@
   -contextmount_type
   -proc
   -sdcard_type
-  -sysfs
   -rootfs
 }:file { open read setattr };
 allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir  { open read setattr search };
@@ -293,24 +292,6 @@
   proc_security
 }:file rw_file_perms;
 
-# init access to /sys files.
-allow init {
-  sysfs_android_usb
-  sysfs_leds
-  sysfs_power
-  sysfs_zram
-}:file w_file_perms;
-
-# init chmod/chown access to /sys files.
-allow init {
-  sysfs_android_usb
-  sysfs_devices_system_cpu
-  sysfs_ipv4
-  sysfs_leds
-  sysfs_lowmemorykiller
-  sysfs_power
-}:file setattr;
-
 # Set usermodehelpers.
 allow init { usermodehelper sysfs_usermodehelper }:file rw_file_perms;
 
@@ -319,6 +300,11 @@
 # Reboot.
 allow init self:global_capability_class_set sys_boot;
 
+# Write to sysfs nodes.
+allow init sysfs_type:dir r_dir_perms;
+allow init sysfs_type:lnk_file read;
+allow init sysfs_type:file rw_file_perms;
+
 # Init will create /data/misc/logd when the property persist.logd.logpersistd is "logcatd".
 # Init will also walk through the directory as part of a recursive restorecon.
 allow init misc_logd_file:dir { add_name open create read getattr setattr search write };
@@ -472,6 +458,3 @@
 
 # Init should not be creating subdirectories in /data/local/tmp
 neverallow init shell_data_file:dir { write add_name remove_name };
-
-# Init should not access sysfs node that are not explicitly labeled.
-neverallow init sysfs:file { open read write };