From c4050270fd85f1722c2fe79499ef6ac6efa9897e Mon Sep 17 00:00:00 2001
From: Elektroschmock <elektroschmock78@googlemail.com>
Date: Fri, 23 Sep 2022 19:58:07 +0800
Subject: [PATCH] sdm660-common: sepolicy: Label /dev/stune(/.*) as cgroup

* avc: denied { write } for comm="adb_root" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:adbroot:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { open } for comm="adb_root" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:adbroot:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { write } for comm="installd" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:installd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { open } for comm="installd" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:installd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { write } for comm="netd" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:netd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { open } for comm="netd" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:netd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { write } for comm="storaged" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:storaged:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { open } for comm="storaged" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:storaged:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0
* avc: denied { write } for comm="apexd" name="tasks" dev="tmpfs" ino=5693
  scontext=u:r:apexd:s0 tcontext=u:object_r:device:s0 tclass=file
  permissive=0

Change-Id: Idc69978328640ff40ad5efe2f0abd79304e75893
Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
---
 sepolicy/vendor/file_contexts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 8413a4ab..6eec4c42 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -12,6 +12,9 @@
 /dev/blkio(/.*)?                                                                                                                  u:object_r:blkio_dev:s0
 /dev/blkio/background(/.*)?                                                                                                       u:object_r:blkio_dev:s0
 
+# Device nodes
+/dev/stune(/.*)?	                                                                                                           u:object_r:cgroup:s0
+
 # Executables
 /vendor/bin/sh                                                                                                                    u:object_r:vendor_shell_exec:s0