diff options
| author | dcashman <dcashman@google.com> | 2016-01-26 16:56:24 -0800 |
|---|---|---|
| committer | dcashman <dcashman@google.com> | 2016-01-26 16:56:24 -0800 |
| commit | 5833e3f5ca04e88629e3bd76331fa0ab42d568f4 (patch) | |
| tree | 9ccb1f12d4fca9ec8ac7a2ddc82581dfa84cb946 | |
| parent | 093ea6fb9a284acbce10641f8743de24abd70734 (diff) | |
| download | sepolicy-5833e3f5ca04e88629e3bd76331fa0ab42d568f4.tar.gz | |
Restore untrusted_app proc_net access.
Address the following denial:
type=1400 audit(0.0:853): avc: denied { read } for name="/" dev="proc" ino=1 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc:s0 tclass=dir permissive=0
Bug: 26806629
Change-Id: Ic2ad91aadac00dc04d7e04f7460d5681d81134f4
| -rw-r--r-- | untrusted_app.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/untrusted_app.te b/untrusted_app.te index 7aedc39..a92323e 100644 --- a/untrusted_app.te +++ b/untrusted_app.te @@ -92,6 +92,8 @@ dontaudit untrusted_app exec_type:file getattr; # TODO: access of /proc/meminfo, give specific label or switch to # using meminfo service allow untrusted_app proc:file r_file_perms; +# access /proc/net/xt_qtguid/stats +r_dir_file(untrusted_app, proc_net) ### ### neverallow rules |