From d499e9145a1590644d64105daa14a1d6c9f24913 Mon Sep 17 00:00:00 2001
From: Tianjie Xu <xunchang@google.com>
Date: Wed, 16 Aug 2017 13:09:56 -0700
Subject: [PATCH] Allow update_verifier to write to kmsg

Denial message:
avc: denied { write } for pid=640 comm="update_verifier" name="kmsg"
dev="tmpfs" ino=13951 scontext=u:r:update_verifier:s0
tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0

Bug: 64713327
Test: update_verifier logs successfully during boot time.
Change-Id: I421b1e6660239e5ffc624e504f5945d400510407
---
 public/update_verifier.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/public/update_verifier.te b/public/update_verifier.te
index 4d4e1f9ec..6bba17b76 100644
--- a/public/update_verifier.te
+++ b/public/update_verifier.te
@@ -12,6 +12,9 @@ allow update_verifier ota_package_file:file r_file_perms;
 # Read all blocks in dm wrapped system partition.
 allow update_verifier dm_device:blk_file r_file_perms;
 
+# Write to kernel message.
+allow update_verifier kmsg_device:chr_file w_file_perms;
+
 # Allow update_verifier to reboot the device.
 set_prop(update_verifier, powerctl_prop)
 
-- 
GitLab