From: Danny Wood <danwood76@gmail.com>
Date: Fri, 29 Nov 2019 11:42:54 +0000 (+0000)
Subject: universal7580: sepolicy: correct sswap sysfs node labelling
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0df5b0cd10da545a9c1ad62761b9fb39ac140cd2;p=GitHub%2FLineageOS%2Fandroid_device_samsung_universal7580-common.git

universal7580: sepolicy: correct sswap sysfs node labelling

Change-Id: Id3a0757941ee4ec7bf73b4d012239b94c86ab782
---

diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
index 734b8eb..3d7ffda 100644
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -63,9 +63,7 @@ genfscon sysfs /class/input_booster/head    u:object_r:sysfs_input:s0
 genfscon sysfs /class/input_booster/tail    u:object_r:sysfs_input:s0
 
 # Swap
-genfscon sysfs /devices/virtual/block/vnswap0/disksize              u:object_r:sysfs_sswap:s0
-genfscon sysfs /devices/virtual/block/vnswap0/swap_filename         u:object_r:sysfs_sswap:s0
-genfscon sysfs /devices/virtual/block/vnswap0/init_backing_storage  u:object_r:sysfs_sswap:s0
+genfscon sysfs /devices/virtual/block/vnswap0   u:object_r:sysfs_sswap:s0
 
 # CPU/Scheduler devices
 genfscon sysfs /power/cpufreq_table         u:object_r:sysfs_devices_system_cpu:s0
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 4c0d720..6a35a07 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -49,6 +49,10 @@ allow init sysfs_gps:file setattr;
 # CPU permissions
 allow init sysfs_devices_system_cpu:file rw_file_perms;
 
+# sswap permissions
+allow init sswap_device:blk_file write;
+allow init sysfs_sswap:file { open write };
+
 # Block device sysfs
 allow init sysfs_block:file rw_file_perms;
 
diff --git a/sepolicy/sswap.te b/sepolicy/sswap.te
index f5a7a70..41fefb8 100644
--- a/sepolicy/sswap.te
+++ b/sepolicy/sswap.te
@@ -6,10 +6,10 @@ init_daemon_domain(sswap);
 
 allow sswap sswap_device:blk_file rw_file_perms;
 allow sswap sysfs_sswap:file rw_file_perms;
+allow sswap sysfs_sswap:dir search;
 allow sswap block_device:dir search;
 allow sswap self:capability sys_admin;
 
-allow sswap proc:file r_file_perms;
 allow sswap proc_meminfo:file r_file_perms;
 
 allow sswap properties_device:dir r_dir_perms;