From 4a85ddd4e528458342dd1f96202a31cffcfd74f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cosme=20Dom=C3=ADnguez=20D=C3=ADaz?= <cosme.ddiaz@gmail.com>
Date: Sun, 15 Apr 2018 23:44:43 +0200
Subject: msm8996-common: Fix priv_app SELinux denials:

avc: denied { read } for pid=2442 comm=tion.NEW_MODULE name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=2442 comm=tion.NEW_MODULE name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=2212 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=2212 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=2442 comm=lowpool[1] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=2442 comm=lowpool[1] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=3917 comm=gcm-task#1 name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=3917 comm=gcm-task#1 name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=5270 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=5270 comm=.gms.persistent name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=5465 comm=lowpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=5465 comm=lowpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=5465 comm=highpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=5465 comm=highpool[3] name=stat dev=proc ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0

avc: denied { open } for pid=2440 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { open } for pid=2440 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { open } for pid=2241 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { open } for pid=2241 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { open } for pid=2440 comm="lowpool[5]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { open } for pid=2440 comm="lowpool[5]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0

avc: denied { getattr } for pid=2345 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { getattr } for pid=2345 comm="tion.NEW_MODULE" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { getattr } for pid=2239 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { getattr } for pid=2239 comm=".gms.persistent" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { getattr } for pid=2345 comm="lowpool[4]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { getattr } for pid=2345 comm="lowpool[4]" path="/proc/stat" dev="proc" ino=4026532465 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
---
 sepolicy/priv_app.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
index 7af2f83..c556f05 100644
--- a/sepolicy/priv_app.te
+++ b/sepolicy/priv_app.te
@@ -3,3 +3,4 @@ allow priv_app { camera_prop proc_interrupts }:file { open read };
 allow priv_app camera_prop:file getattr;
 allow priv_app proc_modules:file { getattr open read };
 allow priv_app adsprpcd_file:filesystem getattr;
+allow priv_app proc_stat:file r_file_perms;
-- 
cgit v1.2.3