Allow regmap debugfs for drivers probed by insmod

auditd : type=1400 audit(0.0:731): avc: denied { search } for comm="modprobe" name="regmap" dev="debugfs" ino=2057 scontext=u:r:insmod-sh:s0 tcontext=u:object_r:vendor_regmap_debugfs:s0 tclass=dir permissive=1 bug=b/274727542 vendor_kernel_boot and vendor_dlkm modules probe by insmod need this. Move regmap debugfs from legacy/whitechapel_pro/ to vendor/. Bug: 274727542 Bug: 289012421 Test: ls -d /sys/kernel/debug/regmap/*-0043 Change-Id: I2bd35a6bc942536505f62d4122f0de892f243802
author: Tai Kuo <taikuo@google.com> 2023-09-12 15:34:16 +0800
committer: Tai Kuo <taikuo@google.com> 2023-09-12 16:45:09 +0800
commit: 1a65e5d5e43de3bb18c01b44243dd6d8103f2e33 (patch)
tree: 9304df04f5f9eab8e1bd92a35ef69af246ac2318
parent: 4bb847b815de442b4e8e74a6f115dbd0bbfef200 (diff)
download: zuma-sepolicy-1a65e5d5e43de3bb18c01b44243dd6d8103f2e33.tar.gz
6 files changed, 3 insertions, 7 deletions
diff --git a/legacy/whitechapel_pro/file.te b/legacy/whitechapel_pro/file.te
index f59a80b..db0b31f 100644
--- a/legacy/whitechapel_pro/file.te
+++ b/legacy/whitechapel_pro/file.te
@@ -12,9 +12,6 @@ type sysfs_bcmdhd, sysfs_type, fs_type;
 type sysfs_chargelevel, sysfs_type, fs_type;
 type sysfs_camera, sysfs_type, fs_type;
 
-# debugfs
-type vendor_regmap_debugfs, fs_type, debugfs_type;
-
 # persist
 type persist_ss_file, file_type, vendor_persist_type;
 
diff --git a/legacy/whitechapel_pro/genfs_contexts b/legacy/whitechapel_pro/genfs_contexts
index dccae4e..34f9ee4 100644
--- a/legacy/whitechapel_pro/genfs_contexts
+++ b/legacy/whitechapel_pro/genfs_contexts
@@ -30,9 +30,6 @@ genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count
 genfscon proc /fs/f2fs                                                  u:object_r:proc_f2fs:s0
 genfscon proc /sys/vm/swappiness                                        u:object_r:proc_dirty:s0
 
-# debugfs
-genfscon debugfs /regmap                                                u:object_r:vendor_regmap_debugfs:s0
-
 # Haptics
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a      u:object_r:sysfs_vibrator:s0
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 74f2fbb..7c532ac 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -4,7 +4,6 @@ hal_uwb_default debugfs file b/288049522
 incidentd debugfs_wakeup_sources file b/288049561
 incidentd incidentd anon_inode b/288049561
 insmod-sh insmod-sh key b/274374722
-insmod-sh vendor_regmap_debugfs dir b/274727542
 mtectrl unlabeled dir b/264483752
 systemui_app wm_trace_data_file dir b/288049075
 vendor_init proc file b/289856761
diff --git a/vendor/file.te b/vendor/file.te
index c87d37c..ce20aa0 100644
--- a/vendor/file.te
+++ b/vendor/file.te
@@ -29,6 +29,7 @@ type vendor_battery_debugfs, fs_type, debugfs_type;
 type vendor_pm_genpd_debugfs, fs_type, debugfs_type;
 type vendor_usb_debugfs, fs_type, debugfs_type;
 type vendor_maxfg_debugfs, fs_type, debugfs_type;
+type vendor_regmap_debugfs, fs_type, debugfs_type;
 
 # WLC
 type sysfs_wlc, sysfs_type, fs_type;
diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts
index 254baa0..35a4aff 100644
--- a/vendor/genfs_contexts
+++ b/vendor/genfs_contexts
@@ -35,6 +35,7 @@ genfscon debugfs /google_battery                                        u:object
 genfscon debugfs /pm_genpd/pm_genpd_summary                             u:object_r:vendor_pm_genpd_debugfs:s0
 genfscon debugfs /usb                                                   u:object_r:vendor_usb_debugfs:s0
 genfscon debugfs /maxfg                                                 u:object_r:vendor_maxfg_debugfs:s0
+genfscon debugfs /regmap                                                u:object_r:vendor_regmap_debugfs:s0
 
 # Extcon
 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0   u:object_r:sysfs_extcon:s0
diff --git a/vendor/insmod-sh.te b/vendor/insmod-sh.te
index e09c248..f80660c 100644
--- a/vendor/insmod-sh.te
+++ b/vendor/insmod-sh.te
@@ -1,2 +1,3 @@
 allow insmod-sh self:capability sys_nice;
 allow insmod-sh kernel:process setsched;
+allow insmod-sh vendor_regmap_debugfs:dir search;
author	Tai Kuo <taikuo@google.com>	2023-09-12 15:34:16 +0800
committer	Tai Kuo <taikuo@google.com>	2023-09-12 16:45:09 +0800
commit	1a65e5d5e43de3bb18c01b44243dd6d8103f2e33 (patch)
tree	9304df04f5f9eab8e1bd92a35ef69af246ac2318
parent	4bb847b815de442b4e8e74a6f115dbd0bbfef200 (diff)
download	zuma-sepolicy-1a65e5d5e43de3bb18c01b44243dd6d8103f2e33.tar.gz