From 41bb446a752d8384d4d641802db76028015c25af Mon Sep 17 00:00:00 2001
From: Adithya R <gh0strider.2k18.reborn@gmail.com>
Date: Mon, 27 Nov 2023 16:58:28 +0530
Subject: [PATCH] sm8550-common: sepolicy: Allow system_server to write to
 tmpfs and zygote tmpfs

This denial is hit frequently on some device(s):

W CachedAppOptimi: type=1400 audit(0.0:146): avc: denied { write } for dev="tmpfs" ino=3073 scontext=u:r:system_server:s0 tcontext=u:object_r:zygote_tmpfs:s0 tclass=file permissive=0

W CachedAppOptimi: type=1400 audit(0.0:7910): avc:  denied  { write } for  dev="tmpfs" ino=1108 scontext=u:r:system_server:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=0

Change-Id: I6a08aa2c042f2d10fdeeefcd1f5f65ac844adf11
---
 sepolicy/private/system_server.te | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 sepolicy/private/system_server.te

diff --git a/sepolicy/private/system_server.te b/sepolicy/private/system_server.te
new file mode 100644
index 0000000..9281c55
--- /dev/null
+++ b/sepolicy/private/system_server.te
@@ -0,0 +1,3 @@
+# CachedAppOptimizer
+allow system_server zygote_tmpfs:file rw_file_perms;
+allow system_server tmpfs:file rw_file_perms;