From cee729240e8c6a8aec63d10b4dae5d0e619229d8 Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Thu, 7 Jan 2016 15:54:56 -0800
Subject: [PATCH] Allow domain to read symlinks in /sys.

Address the following denial:
avc: denied { read } for name="battery" dev="sysfs" ino=17945 scontext=u:r:shell:s0 tcontext=u:object_r:sysfs:s0 tclass=lnk_file permissive=0

Bug: 26219114
Change-Id: I862b40a6514bffaa455dd7f06368acf9bcdc4782
---
 domain.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/domain.te b/domain.te
index 98edece31..fb672ad09 100644
--- a/domain.te
+++ b/domain.te
@@ -96,6 +96,9 @@ allow domain system_file:dir { search getattr };
 allow domain system_file:file { execute read open getattr };
 allow domain system_file:lnk_file read;
 
+# read any sysfs symlinks
+allow domain sysfs:lnk_file read;
+
 # libc references /data/misc/zoneinfo for timezone related information
 r_dir_file(domain, zoneinfo_data_file)
 
-- 
GitLab