sepolicy_vndr: legacy: allow apexd to write to sysfs_mmc_host

As qualcomm relabels read_ahead_kb and friends as sysfs_mmc_host we explicitly need to grant apexd access to it or it will break. This results in eg GSIs to be unbootable. type=1400 audit(3799551.036:40): avc: denied { read write } for comm="apexd" name="read_ahead_kb" dev="sysfs" ino=81305 scontext=u:r:apexd:s0 tcontext=u:object_r:sysfs_mmc_host:s0 tclass=file permissive=0 Change-Id: Iea24b94318893e8526e06e24bc3308acba37b0cc Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
author: Alexander Martinz <amartinz@shiftphones.com> 2022-10-17 19:02:58 +0200
committer: alk3pInjection <webmaster@raspii.tech> 2023-06-13 00:20:25 +0800
commit: 8fab8101976bbb08eee0e07de785a9c8cb730d86 (patch)
tree: ebbdd851cd232b0f1dc11994fa17ace1200c9150
parent: 935b6f7731098833b8dbaffec67053056a6523c2 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/legacy/vendor/common/apexd.te b/legacy/vendor/common/apexd.te
new file mode 100644
index 00000000..6b763320
--- /dev/null
+++ b/legacy/vendor/common/apexd.te
@@ -0,0 +1,2 @@
+# Allow apexd to configure read_ahead_kb
+allow apexd sysfs_mmc_host:file rw_file_perms;
author	Alexander Martinz <amartinz@shiftphones.com>	2022-10-17 19:02:58 +0200
committer	alk3pInjection <webmaster@raspii.tech>	2023-06-13 00:20:25 +0800
commit	8fab8101976bbb08eee0e07de785a9c8cb730d86 (patch)
tree	ebbdd851cd232b0f1dc11994fa17ace1200c9150
parent	935b6f7731098833b8dbaffec67053056a6523c2 (diff)