From 58d6929bf1a721641a8d423ea88af3fc9bf72310 Mon Sep 17 00:00:00 2001
From: Joel Galenson <jgalenson@google.com>
Date: Thu, 6 Jul 2017 10:59:11 -0700
Subject: [PATCH] Fix incorrect SELinux labeling.

When moving SELinux rules from file_contexts to genfs_contexts, we
added some genfs rules to label specific files.  It turns out that one
of those files was the prefix of some other files, and since genfs
does prefix-labeling, those other files had their labels changed.

To fix this, we are changing the whole tracefs /instances/wifi from
debugfs_tracing_instances to debugfs_wifi_tracing (a few of the files
already had this label).  This simplifies the rules.

Bug: 62413700
Test: Built, flashed, and booted two devices.  Verified that the files
have the correct context and that wifi, camera, and traceur work.

Change-Id: Id62db079f439ae8c531b44d1184eea26d5b760c3
---
 private/genfs_contexts   | 8 ++------
 private/system_server.te | 1 +
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/private/genfs_contexts b/private/genfs_contexts
index 07c31abb6..3914cec7d 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -68,12 +68,8 @@ genfscon debugfs /mmc0                                u:object_r:debugfs_mmc:s0
 genfscon debugfs /tracing                             u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/instances                   u:object_r:debugfs_tracing_instances:s0
 genfscon tracefs /instances                           u:object_r:debugfs_tracing_instances:s0
-genfscon debugfs /tracing/instances/wifi/free_buffer  u:object_r:debugfs_wifi_tracing:s0
-genfscon debugfs /tracing/instances/wifi/trace        u:object_r:debugfs_wifi_tracing:s0
-genfscon debugfs /tracing/instances/wifi/tracing_on   u:object_r:debugfs_wifi_tracing:s0
-genfscon tracefs /instances/wifi/free_buffer          u:object_r:debugfs_wifi_tracing:s0
-genfscon tracefs /instances/wifi/trace                u:object_r:debugfs_wifi_tracing:s0
-genfscon tracefs /instances/wifi/tracing_on           u:object_r:debugfs_wifi_tracing:s0
+genfscon debugfs /tracing/instances/wifi              u:object_r:debugfs_wifi_tracing:s0
+genfscon tracefs /instances/wifi                      u:object_r:debugfs_wifi_tracing:s0
 genfscon debugfs /tracing/trace_marker                u:object_r:debugfs_trace_marker:s0
 genfscon tracefs /trace_marker                        u:object_r:debugfs_trace_marker:s0
 
diff --git a/private/system_server.te b/private/system_server.te
index e06fe4cca..f99deb7c6 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -679,6 +679,7 @@ allow system_server sysfs_leds:dir r_dir_perms;
 
 # Allow WifiService to start, stop, and read wifi-specific trace events.
 allow system_server debugfs_tracing_instances:dir search;
+allow system_server debugfs_wifi_tracing:dir search;
 allow system_server debugfs_wifi_tracing:file rw_file_perms;
 
 # allow system_server to exec shell, asanwrapper & zygote(app_process) on ASAN builds. Needed to run
-- 
GitLab