From dcad0f04cfe423d490019d23528ed9fe1e54b047 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Tue, 23 Jan 2018 11:37:14 -0800
Subject: [PATCH] vold: clarify sysfs access

And remove a redundant rule.

Test: sesearch shows no changes to vold's sepolicy.
Change-Id: Icccc18696e98b999968ecbe0fb7862c35575a9b3
---
 public/vold.te | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/public/vold.te b/public/vold.te
index f754db7d2..a490e0643 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -11,7 +11,7 @@ allow vold cache_file:lnk_file r_file_perms;
 r_dir_file(vold, proc_net)
 r_dir_file(vold, sysfs_type)
 # XXX Label sysfs files with a specific type?
-allow vold sysfs:file w_file_perms;
+allow vold sysfs:file w_file_perms; # writing to /sys/*/uevent during coldboot.
 allow vold sysfs_dm:file w_file_perms;
 allow vold sysfs_usb:file w_file_perms;
 allow vold sysfs_zram_uevent:file w_file_perms;
@@ -89,9 +89,6 @@ allow vold domain:{ file lnk_file } r_file_perms;
 allow vold domain:process { signal sigkill };
 allow vold self:global_capability_class_set { sys_ptrace kill };
 
-# XXX Label sysfs files with a specific type?
-allow vold sysfs:file rw_file_perms;
-
 allow vold kmsg_device:chr_file rw_file_perms;
 
 # Run fsck in the fsck domain.
-- 
GitLab