sepolicy: Allow kernel to read zram_swap_file
I auditd : type=1400 audit(0.0:362): avc: denied { read } for comm="loop31" path="/data/per_boot/zram_swap" dev="sdc51" ino=10416 scontext=u:r:kernel:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
Change-Id: Iae07ace1132b91a045fe9492b74f8630c7f8fc52
diff --git a/basic/non_plat/file.te b/basic/non_plat/file.te
index 2479d32..db224a3 100644
--- a/basic/non_plat/file.te
+++ b/basic/non_plat/file.te
@@ -568,6 +568,8 @@
type nfc_socket_file, file_type, data_file_type, core_data_file_type;
+type zram_swap_file, file_type, data_file_type, core_data_file_type;
+
##########################
# Socket types
#
diff --git a/basic/non_plat/file_contexts b/basic/non_plat/file_contexts
index d16c911..19fbc82 100644
--- a/basic/non_plat/file_contexts
+++ b/basic/non_plat/file_contexts
@@ -38,6 +38,7 @@
/data/vendor/dipdebug(/.*)? u:object_r:aee_dipdebug_vendor_file:s0
/data/vendor/key_provisioning(/.*)? u:object_r:key_install_data_file:s0
/data/vendor/vcodec(/.*)? u:object_r:vcodec_file:s0
+/data/per_boot/zram_swap u:object_r:zram_swap_file:s0
# Misc data
/data/misc/mblog(/.*)? u:object_r:logmisc_data_file:s0
diff --git a/basic/non_plat/kernel.te b/basic/non_plat/kernel.te
index 8085697..6021be9 100644
--- a/basic/non_plat/kernel.te
+++ b/basic/non_plat/kernel.te
@@ -87,3 +87,4 @@
allow kernel expdb_block_device:blk_file rw_file_perms;
allow kernel block_device:blk_file rw_file_perms;
+allow kernel zram_swap_file:file r_file_perms;