Move sysfs access from domain_deprecated to platform_app am: 88941f26db am: 8883eb8722

am: b30538b481 Change-Id: I31491ba663de3bd6bbb7aa896d6f9efd4841f19d
author: Jeff Vander Stoep <jeffv@google.com> 2017-07-28 00:32:14 +0000
committer: android-build-merger <android-build-merger@google.com> 2017-07-28 00:32:14 +0000
commit: a1d1d0b81292ae6a5beea413a5da20fbb63088a1 (patch)
tree: e2b72f9ab2abfbc40c7ad6e613d01806e06443a3
parent: 064636a211c1e76af9e58d6b1ace41ccf33e712e (diff)
parent: b30538b481ccc347411218ca7506198e55cb2ce7 (diff)
download: angler-a1d1d0b81292ae6a5beea413a5da20fbb63088a1.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
index 1bb447c..c9a4781 100644
--- a/sepolicy/platform_app.te
+++ b/sepolicy/platform_app.te
@@ -6,3 +6,9 @@ userdebug_or_eng(`
 ')
 
 allow platform_app oem_qmi_server:unix_stream_socket connectto;
+
+# TODO scope this down. Granting these here is not granting new permissions,
+# just moving existing permissions from domain_deprecated to platform_app as
+# part of b/28760354 in order to deprivilege other processes which do not need
+# access.
+r_dir_file(platform_app, sysfs)
author	Jeff Vander Stoep <jeffv@google.com>	2017-07-28 00:32:14 +0000
committer	android-build-merger <android-build-merger@google.com>	2017-07-28 00:32:14 +0000
commit	a1d1d0b81292ae6a5beea413a5da20fbb63088a1 (patch)
tree	e2b72f9ab2abfbc40c7ad6e613d01806e06443a3
parent	064636a211c1e76af9e58d6b1ace41ccf33e712e (diff)
parent	b30538b481ccc347411218ca7506198e55cb2ce7 (diff)
download	angler-a1d1d0b81292ae6a5beea413a5da20fbb63088a1.tar.gz