vold: not allowed to read sysfs_batteryinfo
It doesn't need to read batteryinfo to function properly.
Bug: 110891415
Test: builds and boots
Change-Id: I7f388180a25101bfd0c088291ef03a9bf8ba2b2c
diff --git a/public/domain.te b/public/domain.te
index 6f603a6..c6fc9f8 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1423,7 +1423,5 @@
-incidentd
# TODO(b/110890430): remove this exception
-perfprofd
- # TODO(b/110891415, b/65643247): remove these exceptions
- -vold
} sysfs_batteryinfo:file { open read };
')
diff --git a/public/vold.te b/public/vold.te
index 06deefc..481f48c 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -13,7 +13,7 @@
auditallow vold proc_net_type:{ dir file lnk_file } { getattr open read };
')
-r_dir_file(vold, sysfs_type)
+r_dir_file(vold, { sysfs_type -sysfs_batteryinfo })
# XXX Label sysfs files with a specific type?
allow vold sysfs:file w_file_perms; # writing to /sys/*/uevent during coldboot.
allow vold sysfs_dm:file w_file_perms;
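Review bot: The new `r_dir_file(vold, { sysfs_type -sysfs_batteryinfo })` line has no comment explaining the subtraction, and it removes more than the domain.te rule requires. `r_dir_file` grants read access on directories and symlinks as well as files, while the rule vold is no longer exempted from covers only `sysfs_batteryinfo:file { open read }`. A comment above the line would stop a later cleanup from widening it back to `sysfs_type`, for example `# sysfs_batteryinfo is excluded: vold must not open/read it, enforced by the rule in domain.te (b/110891415).` The comment on the `sysfs:file w_file_perms` line says vold touches `/sys/*/uevent` during coldboot, so it may still walk into battery nodes. "Builds and boots" does not show whether the audit log was checked for `avc: denied` entries with `scontext` vold and `tcontext` sysfs_batteryinfo, which is worth confirming before relying on this.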