Add sysfs_type attribute to sysfs, coalesce ueventd rules.

As per the discussion in: https://android-review.googlesource.com/#/c/92903/ Add sysfs_type attribute to sysfs type so that it is included in rules on sysfs_type, allow setattr to all sysfs_type for ueventd for chown/chmod, and get rid of redundant rules. Change-Id: I1228385d5703168c3852ec75605ed8da7c99b83d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Add sysfs_type attribute to sysfs, coalesce ueventd rules.
9add1f03 · Stephen Smalley · 7004789d · 9add1f03 · 9add1f03
Commit 9add1f03 authored 10 years ago by Stephen Smalley
--- a/file.te
+++ b/file.te
@@ -14,7 +14,7 @@ type proc_net, fs_type;
 type proc_sysrq, fs_type;
 type selinuxfs, fs_type;
 type cgroup, fs_type, mlstrustedobject;
-type sysfs, fs_type, mlstrustedobject;
+type sysfs, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;

--- a/ueventd.te
+++ b/ueventd.te
@@ -11,10 +11,8 @@ allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio da
 allow ueventd device:file create_file_perms;
 allow ueventd device:chr_file rw_file_perms;
 allow ueventd sysfs:file rw_file_perms;
-allow ueventd sysfs:file setattr;
-allow ueventd sysfs:file relabelfrom;
-allow ueventd sysfs_type:file { relabelfrom relabelto };
-allow ueventd sysfs_devices_system_cpu:file {rw_file_perms setattr};
+allow ueventd sysfs_type:file { relabelfrom relabelto setattr };
+allow ueventd sysfs_devices_system_cpu:file rw_file_perms;
 allow ueventd tmpfs:chr_file rw_file_perms;
 allow ueventd dev_type:dir create_dir_perms;
 allow ueventd dev_type:lnk_file { create unlink };