Move sysfs access from domain_deprecated to platform_app

am: 88941f26db Change-Id: I9900b87f87c61ff8646e8b1efcf490173ce7a5f9
author: Jeff Vander Stoep <jeffv@google.com> 2017-07-28 00:26:44 +0000
committer: android-build-merger <android-build-merger@google.com> 2017-07-28 00:26:44 +0000
commit: 8883eb87226929b9922736cc2720de99f7356947 (patch)
tree: 5c87302f6513d7fbadeb8f0be697eaef6396fd55
parent: 7e8dafaad387358b0a8f56ec48b45c858851a1d2 (diff)
parent: 88941f26dbbf44d0930fd9fde0d6ceb2798fc47c (diff)
download: angler-8883eb87226929b9922736cc2720de99f7356947.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
index 1bb447c..c9a4781 100644
--- a/sepolicy/platform_app.te
+++ b/sepolicy/platform_app.te
@@ -6,3 +6,9 @@ userdebug_or_eng(`
 ')
 
 allow platform_app oem_qmi_server:unix_stream_socket connectto;
+
+# TODO scope this down. Granting these here is not granting new permissions,
+# just moving existing permissions from domain_deprecated to platform_app as
+# part of b/28760354 in order to deprivilege other processes which do not need
+# access.
+r_dir_file(platform_app, sysfs)
author	Jeff Vander Stoep <jeffv@google.com>	2017-07-28 00:26:44 +0000
committer	android-build-merger <android-build-merger@google.com>	2017-07-28 00:26:44 +0000
commit	8883eb87226929b9922736cc2720de99f7356947 (patch)
tree	5c87302f6513d7fbadeb8f0be697eaef6396fd55
parent	7e8dafaad387358b0a8f56ec48b45c858851a1d2 (diff)
parent	88941f26dbbf44d0930fd9fde0d6ceb2798fc47c (diff)
download	angler-8883eb87226929b9922736cc2720de99f7356947.tar.gz