system_server: search permission to all of sysfs. This will allow system_server to perfom path resolution on paths like: /sys/devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm8998@0:qcom,pm8998_rtc/rtc Fixes this denial: avc: denied { search } for pid=947 comm=system_server name=800f000.qcom,spmi dev=sysfs ino=19891 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir permissive=0 b/68003344 Bug: 68003344 Test: walleye boots without the denial above. Change-Id: Ib282395124c7f2f554681fcc713b9afe189f441c

commit: ce8bc8b00e8f3f9cac8fe6a13f67c0676b66c443 [log] [tgz]
author: Tri Vo <trong@google.com> Tue Dec 19 13:23:11 2017 -0800
committer: Tri Vo <trong@google.com> Thu Dec 21 22:35:27 2017 +0000
tree: c4a0a00afc7e3927140b1264852c61cb9bf59bc6
parent: 6168a12ea9194498649a3878d46e3671c518d60f [diff]
diff --git a/private/system_server.te b/private/system_server.te
index 46becd0..6fb6142 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -267,6 +267,8 @@
 # Check SELinux permissions.
 selinux_check_access(system_server)
 
+allow system_server sysfs_type:dir search;
+
 r_dir_file(system_server, sysfs_android_usb)
 allow system_server sysfs_android_usb:file w_file_perms;
commit	ce8bc8b00e8f3f9cac8fe6a13f67c0676b66c443	[log] [tgz]
author	Tri Vo <trong@google.com>	Tue Dec 19 13:23:11 2017 -0800
committer	Tri Vo <trong@google.com>	Thu Dec 21 22:35:27 2017 +0000
tree	c4a0a00afc7e3927140b1264852c61cb9bf59bc6
parent	6168a12ea9194498649a3878d46e3671c518d60f [diff]