sepolicy: Restrict access to /sys/devices/soc0/serial_number Change-Id: I6254ef6e160ff0d3c3ce2e51f20f557e75826dff

commit: efdc05a9076991f71f37d79cdaa167d1293925a4 [log] [tgz]
author: Michael Bestas <mkbestas@gmail.com> Thu May 11 19:23:36 2023 +0300
committer: Michael Bestas <mkbestas@lineageos.org> Thu May 11 20:14:34 2023 +0300
tree: a9c4e2a6eaab0502ca3c04facfee7f6800c8d2f6
parent: f587eed501d01b4bbaeb38e5fc536a2948a6e5dc [diff]
diff --git a/legacy/vendor/common/file.te b/legacy/vendor/common/file.te
index 23b8f12..48b83c9 100644
--- a/legacy/vendor/common/file.te
+++ b/legacy/vendor/common/file.te

@@ -191,6 +191,7 @@
 
 # Files accessed by qcom-system-daemon
 type sysfs_socinfo, fs_type, sysfs_type;
+type sysfs_socinfo_sensitive, fs_type, sysfs_type;
 type sysfs_soc, sysfs_type, fs_type;
 type vendor_sysfs_public, fs_type, sysfs_type;
 

diff --git a/legacy/vendor/common/genfs_contexts b/legacy/vendor/common/genfs_contexts
index cce796f..6b71950 100755
--- a/legacy/vendor/common/genfs_contexts
+++ b/legacy/vendor/common/genfs_contexts

@@ -34,6 +34,7 @@
 genfscon sysfs /module/msm_performance/workload_modes u:object_r:sysfs_msm_perf:s0
 genfscon sysfs /class/devfreq                               u:object_r:sysfs_devfreq:s0
 genfscon sysfs /devices/soc0                                u:object_r:sysfs_socinfo:s0
+genfscon sysfs /devices/soc0/serial_number                  u:object_r:sysfs_socinfo_sensitive:s0
 genfscon sysfs /class/kgsl                                  u:object_r:sysfs_kgsl:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,cpubw/devfreq u:object_r:sysfs_devfreq:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu0/devfreq u:object_r:sysfs_devfreq:s0
commit	efdc05a9076991f71f37d79cdaa167d1293925a4	[log] [tgz]
author	Michael Bestas <mkbestas@gmail.com>	Thu May 11 19:23:36 2023 +0300
committer	Michael Bestas <mkbestas@lineageos.org>	Thu May 11 20:14:34 2023 +0300
tree	a9c4e2a6eaab0502ca3c04facfee7f6800c8d2f6
parent	f587eed501d01b4bbaeb38e5fc536a2948a6e5dc [diff]