Merge "Revert^4 "Allow system server to access udc sysfs"" into main
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index efeeff7..6874821 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -13,4 +13,5 @@
binderfs_logs_transaction_history
proc_compaction_proactiveness
proc_cgroups
+ sysfs_udc
))
diff --git a/private/genfs_contexts b/private/genfs_contexts
index ac59c9a..de2b139 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -136,6 +136,7 @@
genfscon sysfs /class/rtc u:object_r:sysfs_rtc:s0
genfscon sysfs /class/switch u:object_r:sysfs_switch:s0
genfscon sysfs /class/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /class/udc u:object_r:sysfs_udc:s0
genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
genfscon sysfs /devices/virtual/android_usb u:object_r:sysfs_android_usb:s0
genfscon sysfs /devices/virtual/block/ u:object_r:sysfs_devices_block:s0
diff --git a/private/system_server.te b/private/system_server.te
index 1298bf7..436cfa7 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1264,6 +1264,9 @@
# UsbDeviceManager uses /dev/usb-ffs
allow system_server functionfs:dir search;
allow system_server functionfs:file rw_file_perms;
+# To resolve arbitrary sysfs paths from /sys/class/udc/* symlinks.
+allow system_server sysfs_type:dir search;
+r_dir_file(system_server, sysfs_udc)
# system_server contains time / time zone detection logic so reads the associated properties.
get_prop(system_server, time_prop)
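Review bot: `allow system_server sysfs_type:dir search;` lets system_server traverse directories of every type carrying the sysfs_type attribute, including vendor-defined ones, which is far wider than the /sys/class/udc symlink targets named in the comment above it. The grant is `search` only, so as far as this hunk shows, listing those directories or opening files in them still needs separate rules, and `r_dir_file(system_server, sysfs_udc)` covers only objects labelled sysfs_udc. The symlink targets presumably sit under /sys/devices with device-specific labels, so the comment should state both the reach and the limit, for example `# search only, attribute-wide: needed to walk to the UDC symlink target; no read access to other sysfs types is granted here.` If the controller directories can be given a dedicated type or a narrower attribute, scoping the rule to that would keep system_server's sysfs reach auditable. The rest of system_server.te lies outside the hunk, so any overlap with existing sysfs rules cannot be checked from here.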
diff --git a/public/file.te b/public/file.te
index 9f75f05..b28ca85 100644
--- a/public/file.te
+++ b/public/file.te
@@ -105,6 +105,9 @@
type cgroup_v2, fs_type;
type sysfs, fs_type, sysfs_type, mlstrustedobject;
type sysfs_android_usb, fs_type, sysfs_type;
+starting_at_board_api(202504, `
+ type sysfs_udc, fs_type, sysfs_type;
+')
type sysfs_uio, sysfs_type, fs_type;
type sysfs_batteryinfo, fs_type, sysfs_type;
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;