bootanim: allow /proc/meminfo read
Allow /proc/meminfo to be read by bootanim. Not sure why it's needed, but harmless enough. Modify domain_deprecated so it doesn't use r_dir_file(). /proc/meminfo is neither a symlink nor a directory, so it doesn't make sense to create allow rules for those classes of objects. Addresses the following denial: avc: denied { read } for comm="BootAnimation" name="meminfo" dev="proc" ino=4026536593 scontext=u:r:bootanim:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file permissive=0 This denial is only showing up on flounder, flounder_lte, or dragon devices. I'm not sure why. Change-Id: I0f808bcae47fc2fda512cd147c3b44593835cac5
parent
81d2811cbb
commit
7a35c136a4
@ -23,6 +23,7 @@ allow bootanim ion_device:chr_file rw_file_perms;
|
||||
|
||||
# Read access to pseudo filesystems.
|
||||
r_dir_file(bootanim, proc)
|
||||
allow bootanim proc_meminfo:file r_file_perms;
|
||||
r_dir_file(bootanim, sysfs)
|
||||
r_dir_file(bootanim, cgroup)
|
||||
|
||||
|
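Review bot: The added `allow bootanim proc_meminfo:file r_file_perms;` rule has no comment, although the commit description says the reason for the access is unknown and that the denial appears only on flounder, flounder_lte and dragon. Recording that next to the rule would let a later least-privilege audit revisit it, for example `# /proc/meminfo read seen only on flounder/flounder_lte/dragon; caller not identified, revisit.` The logged denial asks only for `read`, while `r_file_perms` grants the full read-side set. That is conventional for a proc file but worth a conscious choice. If the access really is device-specific, the device policy may be a narrower home than the common bootanim policy, though that cannot be judged from this hunk alone.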
@ -57,7 +57,7 @@ r_dir_file(domain_deprecated, proc)
|
||||
r_dir_file(domain_deprecated, sysfs)
|
||||
r_dir_file(domain_deprecated, inotify)
|
||||
r_dir_file(domain_deprecated, cgroup)
|
||||
r_dir_file(domain_deprecated, proc_meminfo)
|
||||
allow domain_deprecated proc_meminfo:file r_file_perms;
|
||||
r_dir_file(domain_deprecated, proc_net)
|
||||
|
||||
# Get SELinux enforcing status.
|
||||
|
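Review bot: The new `allow domain_deprecated proc_meminfo:file r_file_perms;` line sits in a run of `r_dir_file(...)` calls with nothing to explain why it differs. A later cleanup could fold it back into the macro and restore the dir and lnk_file rules this change removes. A one-line comment above it would preserve the narrowing: `# proc_meminfo labels a single regular file; no dir or lnk_file access needed.` The rule still applies to every domain carrying the domain_deprecated attribute, which is unchanged from before and presumably intended.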