From 1d2ff869634649955fab0be3fb724d8b937c80bf Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 9 Jul 2014 23:07:10 -0700
Subject: [PATCH] allow ueventd sysfs_type lnk_file

ueventd is allowed to change files and directories in /sys,
but not symbolic links. This is, at a minimum, causing the
following denial:

type=1400 audit(0.0:5): avc: denied { getattr } for comm="ueventd" path="/sys/devices/tegradc.0/driver" dev=sysfs ino=3386 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_tegradc:s0 tclass=lnk_file

Allow ueventd to modify labeling / attributes of symlinks.

Change-Id: If641a218e07ef479d1283f3171b2743f3956386d
---
 ueventd.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ueventd.te b/ueventd.te
index 7d60c5aba..d8ae16ce1 100644
--- a/ueventd.te
+++ b/ueventd.te
@@ -10,7 +10,7 @@ allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio da
 allow ueventd device:file create_file_perms;
 allow ueventd device:chr_file rw_file_perms;
 allow ueventd sysfs:file rw_file_perms;
-allow ueventd sysfs_type:file { relabelfrom relabelto setattr getattr };
+allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr getattr };
 allow ueventd sysfs_type:dir { relabelfrom relabelto setattr r_dir_perms };
 allow ueventd sysfs_devices_system_cpu:file rw_file_perms;
 allow ueventd tmpfs:chr_file rw_file_perms;
-- 
GitLab