
android - selinux avc denial rule does not work


I work on an Android 11 device and got the AVC denial below:

avc: denied { write } for name="wake_lock" dev="sysfs" ino=15207 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file permissive=0 app=com.sample.demo

I added the rule below to priv_app.te:

allow priv_app sysfs_wake_lock:file { write };

But it doesn't work. Then I searched on Google and someone said I need to add the mlstrustedsubject attribute since it's an MLS rule!

But AOSP adds a neverallow rule in the system priv_app.te, so the build will fail:

neverallow priv_app mlstrustedsubject:process fork;

What's the correct way to fix this SELinux issue?


Solution

  • Add the mlstrustedobject check for sysfs_wake_lock:

    type sysfs_wake_lock, fs_type, sysfs_type, mlstrustedobject;

    or

    typeattribute sysfs_wake_lock mlstrustedobject;
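The reason the plain allow rule is not enough is visible in the denial itself: the subject context carries MLS categories (s0:c512,c768, the per-app categories Android assigns) while the object context is plain s0, so the levels are not equal and the MLS constraint on file writes blocks the access on top of type enforcement. The following script is an added example, not code from the question, the answer, or AOSP: it parses an AVC denial line, derives the type-enforcement allow rule, and reports whether a subject/object level mismatch means an mlstrustedsubject or mlstrustedobject attribute is also needed. It assumes a simplified model of Android's MLS constraint, namely that write-class operations on files require equal levels unless one side carries a trusted attribute; the sample denial lines are constructed for the demo.

```python
import re

# Matches the fields we need from an AVC denial line. Everything between
# "for" and "scontext=" (name=, dev=, ino=, ...) is skipped.
AVC_RE = re.compile(
    r"avc: denied \{ (?P<perms>[^}]+) \} for .*?"
    r"scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)"
)

# Constructed sample denials: the first mirrors the question (categorised
# app writing to an uncategorised sysfs node), the second has equal levels.
SAMPLE_DENIAL = (
    'avc: denied { write } for name="wake_lock" dev="sysfs" ino=15207 '
    "scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:sysfs_wake_lock:s0 "
    "tclass=file permissive=0 app=com.sample.demo"
)
SAMPLE_DENIAL_SAME_LEVEL = (
    'avc: denied { read } for name="demo" '
    "scontext=u:r:shell:s0 tcontext=u:object_r:demo_file:s0 "
    "tclass=file permissive=0"
)


def parse_context(ctx):
    """Split an SELinux context such as u:r:priv_app:s0:c512,c768 into parts.

    The level is everything after the type: sensitivity plus optional categories.
    """
    user, role, type_, *rest = ctx.split(":")
    level = ":".join(rest)                 # "s0:c512,c768" or just "s0"
    sens, _, cats = level.partition(":")
    cat_set = set(cats.split(",")) if cats else set()
    return {"user": user, "role": role, "type": type_, "sens": sens, "cats": cat_set}


def levels_equal(subject, target):
    """Simplified MLS check (assumption): equal sensitivity and identical categories."""
    return subject["sens"] == target["sens"] and subject["cats"] == target["cats"]


def analyze(avc_line):
    """Return the TE allow rule and, if the levels differ, the MLS attribute options."""
    m = AVC_RE.search(avc_line)
    if not m:
        raise ValueError("not an AVC denial line")
    perms = " ".join(m["perms"].split())
    subject = parse_context(m["scon"])
    target = parse_context(m["tcon"])
    tclass = m["tclass"]

    mismatch = not levels_equal(subject, target)
    result = {
        "allow_rule": f"allow {subject['type']} {target['type']}:{tclass} {{ {perms} }};",
        "mls_mismatch": mismatch,
        # Either side of the constraint can be relaxed; which one is acceptable
        # depends on the neverallow rules in the base policy (priv_app may not
        # be mlstrustedsubject, so the object-side attribute is the usable fix).
        "subject_fix": f"typeattribute {subject['type']} mlstrustedsubject;" if mismatch else None,
        "object_fix": f"typeattribute {target['type']} mlstrustedobject;" if mismatch else None,
    }
    return result


if __name__ == "__main__":
    for line in (SAMPLE_DENIAL, SAMPLE_DENIAL_SAME_LEVEL):
        r = analyze(line)
        print(r["allow_rule"])
        if r["mls_mismatch"]:
            print("  levels differ; TE rule alone will not pass the MLS constraint")
            print("  option A:", r["subject_fix"])
            print("  option B:", r["object_fix"])
        else:
            print("  levels equal; TE rule is sufficient")
```

Running it on the denial from the question prints the allow rule the asker already tried, flags the level mismatch, and lists both attribute options; since the base policy forbids priv_app from being mlstrustedsubject, the object-side typeattribute on sysfs_wake_lock is the one that builds. Note that marking a type mlstrustedobject exempts it from the MLS level check for every categorised subject, so it is worth confirming the node really should be reachable by all apps that the TE rules allow.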