From 2193f766bc1c7f997906a365238eb80839eb2617 Mon Sep 17 00:00:00 2001
From: dcashman
Date: Fri, 22 Jan 2016 15:49:42 -0800
Subject: [PATCH] Temporarily allow untrusted_app to read proc files.

Address the following denial:
01-22 09:15:53.998 5325 5325 W ChildProcessMai: type=1400 audit(0.0:44): avc: denied { read } for name="meminfo" dev="proc" ino=4026535444 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc:s0 tclass=file permissive=0

Change-Id: Id2db5ba09dc9de58e6da7c213d4aa4657c6e655c
---
 untrusted_app.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/untrusted_app.te b/untrusted_app.te
index 463745ef1..38d7472c8 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -89,6 +89,10 @@ allow untrusted_app self:process ptrace;
 # for files. Suppress the denials when they occur.
 dontaudit untrusted_app exec_type:file getattr;
 
+# TODO: access of /proc/meminfo, give specific label or switch to
+# using meminfo service
+allow untrusted_app proc:file r_file_perms;
+
 ###
 ### neverallow rules
 ###
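Review bot: The added `allow untrusted_app proc:file r_file_perms;` lets every third-party app read all files carrying the generic `proc` label, while the denial quoted in the commit message concerns only `/proc/meminfo`. Any other kernel information that falls under the default `proc` label becomes readable by untrusted code as a side effect, which is a wider information-disclosure surface than the TODO suggests. Giving the file its own type would keep the grant to what was actually denied: `type proc_meminfo, fs_type;`, `genfscon proc /meminfo u:object_r:proc_meminfo:s0`, and `allow untrusted_app proc_meminfo:file r_file_perms;` (the type name is a suggestion). If the broad rule has to land as a stopgap, the TODO should name a tracking bug so the temporary grant is not forgotten. The neverallow section that follows is cut off by the hunk, so whether it bounds this rule cannot be seen here.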