From 1daa2bf03465c0b8e5279b89a2303f9aa6937079 Mon Sep 17 00:00:00 2001
From: Ivan Vecera <ivan@cera.cz>
Date: Wed, 23 Mar 2022 10:57:42 -0300
Subject: veux: sepolicy: Allow system_app to access zram sysfs nodes

04-22 09:15:37.459 19569 19569 I auditd  : type=1400 audit(0.0:570): avc: denied { search } for comm="pool-2-thread-1" name="zram0" dev="sysfs" ino=48559 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0
04-22 09:15:37.459 19569 19569 I auditd  : type=1400 audit(0.0:571): avc: denied { search } for comm="pool-2-thread-1" name="zram0" dev="sysfs" ino=48559 scontext=u:r:system_app:s0 tcontext=u:object_r:sysfs_zram:s0 tclass=dir permissive=0
---
 sepolicy/private/system_app.te | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 sepolicy/private/system_app.te

(limited to 'sepolicy/private')

diff --git a/sepolicy/private/system_app.te b/sepolicy/private/system_app.te
new file mode 100644
index 0000000..5ce4031
--- /dev/null
+++ b/sepolicy/private/system_app.te
@@ -0,0 +1,2 @@
+allow system_app sysfs_zram:dir search;
+allow system_app sysfs_zram:file r_file_perms;
\ No newline at end of file
-- 
cgit v1.2.3