From b8bdfde3d0d23f4730155bba807276eb06a3aa48 Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Thu, 3 Jul 2014 16:10:01 -0700
Subject: [PATCH] ueventd: Add policy support for ueventd labeling changes

Currently, ueventd only modifies the SELinux label on a file if the entry exists in /ueventd.rc. Add policy support to enable an independent restorecon_recursive whenever a uevent message occurs.

Change-Id: I0ccb5395ec0be9282095b844a5022e8c0d8903ac
---
 ueventd.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ueventd.te b/ueventd.te
index 25460de2b..7d60c5aba 100644
--- a/ueventd.te
+++ b/ueventd.te
@@ -10,7 +10,8 @@ allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio da
 allow ueventd device:file create_file_perms;
 allow ueventd device:chr_file rw_file_perms;
 allow ueventd sysfs:file rw_file_perms;
-allow ueventd sysfs_type:file { relabelfrom relabelto setattr };
+allow ueventd sysfs_type:file { relabelfrom relabelto setattr getattr };
+allow ueventd sysfs_type:dir { relabelfrom relabelto setattr r_dir_perms };
 allow ueventd sysfs_devices_system_cpu:file rw_file_perms;
 allow ueventd tmpfs:chr_file rw_file_perms;
 allow ueventd dev_type:dir create_dir_perms;
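Review bot: The two added `sysfs_type` rules have no comment explaining why ueventd needs them, and they apply to every type carrying the `sysfs_type` attribute, so the intended scope cannot be read from the policy alone. I would add `# Required for restorecon_recursive on sysfs when a uevent is received.` above them. Because `relabelto` on `sysfs_type:dir` lets ueventd move a directory to any sysfs label, check that access to the more sensitive sysfs types is still constrained by their own allow rules and does not depend on the label staying fixed. The recursive walk will presumably also reach symlinks under sysfs, and no `lnk_file` permissions are granted here, so confirm against the audit log whether that produces denials.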