From f226b0c9456ac07309a378e03e86add0e3badfb0 Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Thu, 10 Dec 2015 13:26:42 -0800
Subject: [PATCH] Log app access to sysfs for removal.

Bug: 22032619
Change-Id: Ic160e0beef353c6dc5fb5e2d6a09a5628f067fe3
---
 app.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app.te b/app.te
index 48aebbf0a..7364d2451 100644
--- a/app.te
+++ b/app.te
@@ -219,6 +219,10 @@ allow appdomain runas_exec:file getattr;
 selinux_check_access(appdomain)
 selinux_check_context(appdomain)
 
+# appdomain should not be accessing information on /sys
+auditallow appdomain sysfs:dir { open getattr read ioctl };
+auditallow appdomain sysfs:file r_file_perms;
+
 ###
 ### Neverallow rules
 ###
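Review bot: The comment above the two `auditallow` lines does not say that they only log access which other rules already grant, so a reader can mistake them for a restriction. Since the subject says the logging prepares for removal, I would word it as `# Audit-only: log remaining appdomain reads of generic sysfs so the allow rules can be removed (Bug: 22032619).` The dir rule lists `{ open getattr read ioctl }` without `search`, and nothing covers `sysfs:lnk_file`. That looks deliberate, to keep plain path traversal out of the logs, but the comment should say so, so the gap is not read as full coverage. Only the `sysfs` type is matched, so access to sysfs nodes carrying a more specific label will presumably not show up here and would need its own audit before the allow rules are dropped.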
-- 
GitLab