qcom: Restrict access to /sys/devices/soc0/serial_number Change-Id: I6254ef6e160ff0d3c3ce2e51f20f557e75826dff Signed-off-by: micky387 <mickaelsaibi@free.fr>

commit: f1c9164d242da481e3ca79f3109f33d798b6d7bb [log] [tgz]
author: Michael Bestas <mkbestas@gmail.com> Thu May 11 19:23:36 2023 +0300
committer: micky387 <mickaelsaibi@free.fr> Wed Apr 02 15:39:37 2025 -0400
tree: b7929f767db199648cc4c33bf9f07b6c7697049c
parent: 47a4b0f10020b326d5832c9f0b8ad07efc547262 [diff]
diff --git a/sepolicy/qcom/vendor/file.te b/sepolicy/qcom/vendor/file.te
new file mode 100644
index 0000000..5555f05
--- /dev/null
+++ b/sepolicy/qcom/vendor/file.te

@@ -0,0 +1 @@
+type sysfs_socinfo_sensitive, fs_type, sysfs_type;

diff --git a/sepolicy/qcom/vendor/genfs_contexts b/sepolicy/qcom/vendor/genfs_contexts
new file mode 100644
index 0000000..0e1f3a5
--- /dev/null
+++ b/sepolicy/qcom/vendor/genfs_contexts

@@ -0,0 +1 @@
+genfscon sysfs /devices/soc0/serial_number               u:object_r:sysfs_socinfo_sensitive:s0

diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
index 7e10ab6..390dc87 100644
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk

@@ -22,6 +22,7 @@
     qdisplay_service=vendor_qdisplay_service \
     sysfs_battery_supply=vendor_sysfs_battery_supply \
     sysfs_graphics=vendor_sysfs_graphics \
+    sysfs_socinfo_sensitive=vendor_sysfs_soc_sensitive \
     sysfs_usb_supply=vendor_sysfs_usb_supply
 endif
commit	f1c9164d242da481e3ca79f3109f33d798b6d7bb	[log] [tgz]
author	Michael Bestas <mkbestas@gmail.com>	Thu May 11 19:23:36 2023 +0300
committer	micky387 <mickaelsaibi@free.fr>	Wed Apr 02 15:39:37 2025 -0400
tree	b7929f767db199648cc4c33bf9f07b6c7697049c
parent	47a4b0f10020b326d5832c9f0b8ad07efc547262 [diff]