From 4419ee786e29c177db0e9c303fa8a0c279093b26 Mon Sep 17 00:00:00 2001
From: renwei
Date: Tue, 18 Jan 2022 16:30:59 +0800
Subject: [PATCH] policy update
Signed-off-by: renwei
Change-Id: I38eddb28e8311c05978e48dd0e35f2f21d88508d
---
 sepolicy/base/public/domain.te | 8 ++++----
 sepolicy/base/system/file.te | 3 +--
 sepolicy/base/system/virtfs_contexts | 5 +++--
 sepolicy/ohos_policy/startup/init/system/init.te | 2 +-
 sepolicy/ohos_policy/startup/init/system/ueventd.te | 2 +-
 5 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/sepolicy/base/public/domain.te b/sepolicy/base/public/domain.te
index 8119b3ecd..f5587b77d 100644
--- a/sepolicy/base/public/domain.te
+++ b/sepolicy/base/public/domain.te
@@ -39,8 +39,8 @@ allow domain domain:{ file lnk_file } read_file_perms;
 allow domain domain:{ fifo_file file } rw_file_perms;
 allow domain domain:unix_dgram_socket { create_socket_perms sendto };
-allow domain proc:dir read_dir_perms;
-allow domain proc:lnk_file { getattr read };
+allow domain proc_file:dir read_dir_perms;
+allow domain proc_file:lnk_file { getattr read };
 allow domain tmpfs:dir { getattr search };
 allow domain tmpfs:chr_file { read write open getattr setattr ioctl map };
@@ -75,8 +75,8 @@ allow domain {
 allow domain system_lib_file:file { execute read open getattr map };
-allow domain sysfs:dir search;
-allow domain sysfs:{ lnk_file file } { getattr read };
+allow domain sys_file:dir search;
+allow domain sys_file:{ lnk_file file } { getattr read };
 allow domain system_data_file:dir search;
diff --git a/sepolicy/base/system/file.te b/sepolicy/base/system/file.te
index 3972e157e..b980b5615 100644
--- a/sepolicy/base/system/file.te
+++ b/sepolicy/base/system/file.te
@@ -16,7 +16,7 @@ type labeledfs, fs_type;
 type pipefs, fs_type;
 type sockfs, fs_type;
 type rootfs, fs_type;
-type proc, fs_type, proc_type;
+type proc_file, fs_type, proc_type;
 type proc_panic, fs_type, proc_type;
 type unlabeled, fs_type;
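Review bot: In the second domain.te hunk the `sysfs` to `sys_file` change is a type merge, not a rename, because `sys_file` is already declared in file.te while this commit deletes `sysfs` and relabels the sysfs root to `sys_file` in virtfs_contexts. Any rule elsewhere in the policy that already targets `sys_file` would now also cover every sysfs node without a more specific genfscon entry, and the same widening applies to `allow init sys_file:file setattr;` in init.te and `allow ueventd sys_file:file write_file_perms;` in ueventd.te. Whether such rules exist, or whether other files still name the removed `sysfs` and `proc` types and would fail to compile, cannot be seen from this patch and should be checked across the tree. I would record the intent next to the domain-wide rule, for example `# sys_file is the default label for the sysfs root (see virtfs_contexts); keep grants on it read-only and minimal`, and move nodes that need write or setattr access to dedicated types.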
@@ -27,7 +27,6 @@ type mqueue, fs_type;
 type sys_file, fs_type;
 type selinuxfs, fs_type;
 type cgroup, fs_type;
-type sysfs, fs_type;
 type inotify, fs_type;
 type debugfs, fs_type;
 type config_file, fs_type;
diff --git a/sepolicy/base/system/virtfs_contexts b/sepolicy/base/system/virtfs_contexts
index af7c8cf13..f80b74174 100644
--- a/sepolicy/base/system/virtfs_contexts
+++ b/sepolicy/base/system/virtfs_contexts
@@ -1,13 +1,14 @@
 # please put longer path ahead.
 # use relative path to mount point.
 genfscon rootfs / u:object_r:rootfs:s0
-genfscon proc / u:object_r:proc:s0
+genfscon proc / u:object_r:proc_file:s0
 genfscon selinuxfs / u:object_r:selinuxfs:s0
 genfscon sysfs /block u:object_r:sysfs_block_file:s0
 genfscon sysfs /hisys u:object_r:sysfs_hisys_file:s0
-genfscon sysfs / u:object_r:sysfs:s0
+genfscon sysfs / u:object_r:sys_file:s0
 genfscon configfs / u:object_r:config_file:s0
 genfscon debugfs / u:object_r:debugfs:s0
+genfscon cgroup / u:object_r:cgroup:s0
\ No newline at end of file
diff --git a/sepolicy/ohos_policy/startup/init/system/init.te b/sepolicy/ohos_policy/startup/init/system/init.te
index 3332d2398..9bd90a858 100644
--- a/sepolicy/ohos_policy/startup/init/system/init.te
+++ b/sepolicy/ohos_policy/startup/init/system/init.te
@@ -47,7 +47,7 @@ allow init system_file:file execute_no_trans;
 allow init device:sock_file { create setattr };
-allow init sysfs:file setattr;
+allow init sys_file:file setattr;
 allow init shell_exec:file { execute_no_trans };
 allow init logserver_exec:file { execute_no_trans };
diff --git a/sepolicy/ohos_policy/startup/init/system/ueventd.te b/sepolicy/ohos_policy/startup/init/system/ueventd.te
index ec05c4e40..8d840e604 100644
--- a/sepolicy/ohos_policy/startup/init/system/ueventd.te
+++ b/sepolicy/ohos_policy/startup/init/system/ueventd.te
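Review bot: In the virtfs_contexts hunk the added `genfscon cgroup / u:object_r:cgroup:s0` becomes the last line of the file without a trailing newline, so if the policy build concatenates context files the next entry could fuse onto it; the file should end with a newline. `genfscon cgroup` matches only the cgroup v1 filesystem type, so a cgroup v2 mount would need its own entry such as `genfscon cgroup2 / u:object_r:cgroup:s0` if the target kernel uses it. None of the five files in this patch adds allow rules for the `cgroup` type, so domains that touch cgroup files may start hitting denials once the label takes effect; this is inferred, since the rest of the policy is outside the patch.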
@@ -18,7 +18,7 @@ init_daemon_domain(ueventd);
 allow ueventd kernel:fd use;
-allow ueventd sysfs:file write_file_perms;
+allow ueventd sys_file:file write_file_perms;
 allow ueventd tmpfs:chr_file { create setattr unlink rw_file_perms };
 allow ueventd tmpfs:dir create_dir_perms;
 allow ueventd tmpfs:blk_file { create setattr unlink rw_file_perms };
--
Gitee