From 5bf94cafdd309b27c437e9d1552a4939584951d5 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Tue, 11 Jul 2017 07:50:33 -0700
Subject: [PATCH] ueventd: Grant write access to all files in /sys

Ueventd needs write access to all files in /sys to generate uevents.

Bug: 63147833
Test: build. Verify no ueventd denials in the logs.
Change-Id: I89d33aab158dd192e761f14eff8afa1c71594bca
---
 public/ueventd.te | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/public/ueventd.te b/public/ueventd.te
index da2695f14..b84ac7279 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -8,15 +8,13 @@ allow ueventd kmsg_device:chr_file rw_file_perms;
 allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
 allow ueventd device:file create_file_perms;
 
-r_dir_file(ueventd, sysfs_type)
 r_dir_file(ueventd, rootfs)
-allow ueventd sysfs:file w_file_perms;
-allow ueventd sysfs_usb:file w_file_perms;
-allow ueventd sysfs_hwrandom:file w_file_perms;
-allow ueventd sysfs_zram_uevent:file w_file_perms;
-allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr getattr };
-allow ueventd sysfs_type:dir { relabelfrom relabelto setattr r_dir_perms };
-allow ueventd sysfs_devices_system_cpu:file rw_file_perms;
+
+# ueventd needs write access to files in /sys to regenerate uevents
+allow ueventd { sysfs_type -usermodehelper }:file w_file_perms;
+r_dir_file(ueventd, sysfs_type)
+allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr };
+allow ueventd sysfs_type:dir { relabelfrom relabelto setattr };
 allow ueventd tmpfs:chr_file rw_file_perms;
 allow ueventd dev_type:dir create_dir_perms;
 allow ueventd dev_type:lnk_file { create unlink };