From dff3f3769364804e032cf115b6e115066e04b01f Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 12 Jul 2017 10:32:04 -0700
Subject: [PATCH] Revert "ueventd: Grant write access to all files in /sys"

This reverts commit 5bf94cafdd309b27c437e9d1552a4939584951d5.

Remove this temporary workaround.

Bug: 63147833
Test: Build policy
---
 public/ueventd.te | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/public/ueventd.te b/public/ueventd.te
index b84ac7279..da2695f14 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -8,13 +8,15 @@ allow ueventd kmsg_device:chr_file rw_file_perms;
 allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
 allow ueventd device:file create_file_perms;
 
-r_dir_file(ueventd, rootfs)
-
-# ueventd needs write access to files in /sys to regenerate uevents
-allow ueventd { sysfs_type -usermodehelper }:file w_file_perms;
 r_dir_file(ueventd, sysfs_type)
-allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr };
-allow ueventd sysfs_type:dir { relabelfrom relabelto setattr };
+r_dir_file(ueventd, rootfs)
+allow ueventd sysfs:file w_file_perms;
+allow ueventd sysfs_usb:file w_file_perms;
+allow ueventd sysfs_hwrandom:file w_file_perms;
+allow ueventd sysfs_zram_uevent:file w_file_perms;
+allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr getattr };
+allow ueventd sysfs_type:dir { relabelfrom relabelto setattr r_dir_perms };
+allow ueventd sysfs_devices_system_cpu:file rw_file_perms;
 allow ueventd tmpfs:chr_file rw_file_perms;
 allow ueventd dev_type:dir create_dir_perms;
 allow ueventd dev_type:lnk_file { create unlink };
-- 
GitLab