msm8996-common: Fix priv_app SELinux denials:

avc: denied { read } for pid=2442 comm=tion.NEW_MODULE name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { read } for pid=2442 comm=tion.NEW_MODULE name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { read } for pid=2212 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { read } for pid=2212 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { read } for pid=2442 comm=lowpool[1] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { read } for pid=2442 comm=lowpool[1] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { read } for pid=3917 comm=gcm-task#1 name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { read } for pid=3917 comm=gcm-task#1 name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { read } for pid=5270 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { read } for pid=5270 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { read } for pid=5465 comm=lowpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { read } for pid=5465 comm=lowpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { read } for pid=5465 comm=highpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { read } for pid=5465 comm=highpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { open } for pid=2440 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { open } for pid=2440 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { open } for pid=2241 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { open } for pid=2241 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { open } for pid=2440 comm="lowpool[5]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { open } for pid=2440 comm="lowpool[5]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { getattr } for pid=2345 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { getattr } for pid=2345 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { getattr } for pid=2239 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { getattr } for pid=2239 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { getattr } for pid=2345 comm="lowpool[4]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0 avc: denied { getattr } for pid=2345 comm="lowpool[4]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
author: Cosme Domínguez Díaz <cosme.ddiaz@gmail.com> 2018-04-15 23:44:43 +0200
committer: Cosme Domínguez Díaz <cosme.ddiaz@gmail.com> 2018-04-16 00:38:14 +0200
commit: 4a85ddd4e528458342dd1f96202a31cffcfd74f1 (patch)
tree: 1580f5933fca46f21f21c7b87bf4249aff9743d7 /sepolicy/priv_app.te
parent: ad2046fd80b8de00f13121892ebe1a31f45c4adc (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
index 7af2f83..c556f05 100644
--- a/sepolicy/priv_app.te
+++ b/sepolicy/priv_app.te
@@ -3,3 +3,4 @@ allow priv_app { camera_prop proc_interrupts }:file { open read };
 allow priv_app camera_prop:file getattr;
 allow priv_app proc_modules:file { getattr open read };
 allow priv_app adsprpcd_file:filesystem getattr;
+allow priv_app proc_stat:file r_file_perms;
author	Cosme Domínguez Díaz <cosme.ddiaz@gmail.com>	2018-04-15 23:44:43 +0200
committer	Cosme Domínguez Díaz <cosme.ddiaz@gmail.com>	2018-04-16 00:38:14 +0200
commit	4a85ddd4e528458342dd1f96202a31cffcfd74f1 (patch)
tree	1580f5933fca46f21f21c7b87bf4249aff9743d7 /sepolicy/priv_app.te
parent	ad2046fd80b8de00f13121892ebe1a31f45c4adc (diff)