system_suspend: sysfs path resolution

/sys/class/wakeup/wakeupN can point to an arbitrary path in sysfs. Add "search" permission for path resolution. Bug: 144095608 Test: m selinux_policy Change-Id: I033d15b4ca56656f144189f5c2b1b885f30155a3
2019-11-12 13:37:03 -08:00 · 2019-11-12 13:37:03 -08:00 · e3e77ed264
commit e3e77ed264
parent ec2f903d9b
1 changed files with 2 additions and 0 deletions
--- a/private/system_suspend.te
+++ b/private/system_suspend.te
@ -13,6 +13,8 @@ allow system_suspend sysfs_power:file rw_file_perms;
 # Access to wakeup and suspend stats.
 r_dir_file(system_suspend, sysfs_suspend_stats)
 r_dir_file(system_suspend, sysfs_wakeup)
+# To resolve arbitrary sysfs paths from /sys/class/wakeup/* symlinks.
+allow system_suspend sysfs_type:dir search;

 neverallow {
    domain