selinux: fix selinux denial message for cnss_diag

That log happens after changing the user/group to system when running qxdm logger Bug: 35326998 avc: denied { read } for pid=9979 comm="cnss_diag" name="timestamp_switch" dev="sysfs" ino=24484 scontext=u:r:cnss_diag:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 igned-off-by: Ecco Park <eccopark@google.com> Change-Id: If4aae7005333af4c5051033839b34673a9f00a6b
author: Ecco Park <eccopark@google.com> 2017-03-22 13:52:57 -0700
committer: Ecco Park <eccopark@google.com> 2017-03-22 13:55:17 -0700
commit: 485c7e800f14c4070e8aef8efebdf3ecb0d5a4fa (patch)
tree: 2b97f2487a386657f6f7c650a6b020d526b7ffe1 /sepolicy/cnss_diag.te
parent: 32a67ecc34db78bfe99dc42ac2126081170b1aef (diff)
download: marlin-485c7e800f14c4070e8aef8efebdf3ecb0d5a4fa.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/sepolicy/cnss_diag.te b/sepolicy/cnss_diag.te
index 089013df..61fb9e78 100644
--- a/sepolicy/cnss_diag.te
+++ b/sepolicy/cnss_diag.te
@@ -7,6 +7,7 @@ init_daemon_domain(cnss_diag)
 allow cnss_diag self:capability { setgid setuid };
 
 allow cnss_diag self:netlink_socket create_socket_perms_no_ioctl;
+allow cnss_diag sysfs:file r_file_perms;
 
 # b/35877764 suppress the udp_socket denial message temproarily
 dontaudit cnss_diag self:udp_socket create;
author	Ecco Park <eccopark@google.com>	2017-03-22 13:52:57 -0700
committer	Ecco Park <eccopark@google.com>	2017-03-22 13:55:17 -0700
commit	485c7e800f14c4070e8aef8efebdf3ecb0d5a4fa (patch)
tree	2b97f2487a386657f6f7c650a6b020d526b7ffe1 /sepolicy/cnss_diag.te
parent	32a67ecc34db78bfe99dc42ac2126081170b1aef (diff)
download	marlin-485c7e800f14c4070e8aef8efebdf3ecb0d5a4fa.tar.gz