From bc4bd12a9df20996dca020eb3bcba7342a8c9270 Mon Sep 17 00:00:00 2001
From: Ivan Vecera <ivan@cera.cz>
Date: Thu, 22 Apr 2021 09:30:29 +0200
Subject: [PATCH] sm7250-common: sepolicy allow system_app to access zram sysfs
 nodes

04-22 09:15:37.459 19569 19569 I auditd  : type=1400 audit(0.0:570): avc: denied { search } for comm="pool-2-thread-1" name="zram0" dev="sysfs" ino=48559 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0
04-22 09:15:37.459 19569 19569 I auditd  : type=1400 audit(0.0:571): avc: denied { search } for comm="pool-2-thread-1" name="zram0" dev="sysfs" ino=48559 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0

Change-Id: Ide9b1a9488b26fa69e7a2c8e73a8e657c8b28beb
Signed-off-by: Ivan Vecera <ivan@cera.cz>
Signed-off-by: aswin7469 <aswinas@pixysos.com>
Signed-off-by: Sandeep-FED <sandymankara11@gmail.com>
Signed-off-by: Sandeep P S <sandymankara11@gmail.com>
---
 sepolicy/vendor/system_app.te | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 sepolicy/vendor/system_app.te

diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te
new file mode 100644
index 0000000..8aebd20
--- /dev/null
+++ b/sepolicy/vendor/system_app.te
@@ -0,0 +1,9 @@
+allow system_app sysfs_zram:dir search;
+allow system_app proc_pagetypeinfo:file read;
+allow system_app sysfs_dm:file rw_file_perms;
+allow system_app sysfs_vibrator:file rw_file_perms;
+allow system_app sysfs_vibrator:dir r_dir_perms;
+allow system_app sysfs_leds:dir search;
+
+allow system_app sysfs_zram:dir search;
+allow system_app sysfs_zram:file r_file_perms;