From e9cb76381cd0b6097c2aa9c1bbdc3e06bf6ca558 Mon Sep 17 00:00:00 2001
From: Paul Lawrence <paullawrence@google.com>
Date: Mon, 13 Feb 2017 08:48:51 -0800
Subject: [PATCH] Remove selinux denial

Don't audit directory writes to sysfs since they cannot succeed
and therefore cannot be a security issue

Bug: 35303861
Test: Make sure denial is no longer shown
Change-Id: I1f31d35aa01e28e3eb7371b1a75fc4090ea40464
---
 private/init.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/private/init.te b/private/init.te
index d495d5473..8a6dcea77 100644
--- a/private/init.te
+++ b/private/init.te
@@ -17,3 +17,8 @@ domain_trans(init, init_exec, watchdogd)
 userdebug_or_eng(`
   domain_auto_trans(init, logcat_exec, logpersist)
 ')
+
+# Creating files on sysfs is impossible so this isn't a threat
+# Sometimes we have to write to non-existent files to avoid conditional
+# init behavior. See b/35303861 for an example.
+dontaudit init sysfs:dir write;
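Review bot: The comment above `dontaudit init sysfs:dir write;` should state that the access is still denied and only the audit record is suppressed, because "this isn't a threat" can be read as if the rule grants something. The rule is not limited to the path from b/35303861: it applies to every directory labelled `sysfs`, so any other attempt by init to create a file there, for example from a mistyped path in an init script, will presumably also fail without an avc message. I would record that trade-off next to the rule, e.g. `# dontaudit only hides the denial; init still cannot write to sysfs dirs.` followed by `# Side effect: other failed creates under sysfs by init are no longer logged.`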
-- 
GitLab