Allow recovery to read thermal info on sailfish Encountered more denials on sailfish: avc: denied { read } for pid=439 comm="recovery" name="thermal" dev="sysfs" ino=28516 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=dir permissive=0 avc: denied { read } for pid=441 comm="recovery" name="thermal_zone9" dev="sysfs" ino=40364 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=lnk_file permissive=0 Bug: 36920500 Test: sideload a package in sailfish Change-Id: Ib4e89ba48cdc383318e5f3b7b15f542434e43564

commit: b4e4565d58218cc5a878d4998dc9dd079d4b7dc0 [log] [tgz]
author: Tianjie Xu <xunchang@google.com> Fri Apr 14 14:06:22 2017 -0700
committer: Tianjie Xu <xunchang@google.com> Fri Apr 14 14:39:40 2017 -0700
tree: 24b73dda327cd1c69a7ddc515adc0729e28038a3
parent: f3b5bd64155aee7b13d97d08e77b317b4ebe6328 [diff]
diff --git a/public/recovery.te b/public/recovery.te
index 6bbc2ab..1f1a5ac 100644
--- a/public/recovery.te
+++ b/public/recovery.te

@@ -91,8 +91,7 @@
   allow recovery { cache_file cache_recovery_file }:file create_file_perms;
 
   # Read /sys/class/thermal/*/temp for thermal info.
-  allow recovery sysfs_thermal:dir search;
-  allow recovery sysfs_thermal:file r_file_perms;
+  r_dir_file(recovery, sysfs_thermal)
 
   # Read files on /oem.
   r_dir_file(recovery, oemfs);
commit	b4e4565d58218cc5a878d4998dc9dd079d4b7dc0	[log] [tgz]
author	Tianjie Xu <xunchang@google.com>	Fri Apr 14 14:06:22 2017 -0700
committer	Tianjie Xu <xunchang@google.com>	Fri Apr 14 14:39:40 2017 -0700
tree	24b73dda327cd1c69a7ddc515adc0729e28038a3
parent	f3b5bd64155aee7b13d97d08e77b317b4ebe6328 [diff]