From a2477056ae6a702e7e71b671cd0c47afc1c7da8a Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Tue, 10 Sep 2013 11:13:15 -0700
Subject: [PATCH] Permit writing to /dev/random and /dev/urandom.

Apps attempting to write to /dev/random or /dev/urandom currently
succeed, but a policy violation is logged. These two Linux RNG
devices are meant to be written to by arbitrary apps. Thus, there's
no reason to deny this capability.

Bug: 10679705

Change-Id: Ife401f1dd2182889471eef7e90fcc92e96f9c4d6
---
 domain.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/domain.te b/domain.te
index f4fd6ae4f..7c9e7a668 100644
--- a/domain.te
+++ b/domain.te
@@ -61,8 +61,8 @@ allow domain log_device:dir search;
 allow domain log_device:chr_file rw_file_perms;
 allow domain nv_device:chr_file rw_file_perms;
 allow domain alarm_device:chr_file r_file_perms;
-allow domain urandom_device:chr_file r_file_perms;
-allow domain random_device:chr_file r_file_perms;
+allow domain urandom_device:chr_file rw_file_perms;
+allow domain random_device:chr_file rw_file_perms;
 allow domain properties_device:file r_file_perms;
 
 # Filesystem accesses.
-- 
GitLab