2e8d71c3be
* Allow reading /proc.
type=1400 audit(1453834004.239:7): avc: denied { read } for pid=1305
comm="bootstat" name="uptime" dev="proc" ino=4026536600
scontext=u:r:bootstat:s0 tcontext=u:object_r:proc:s0 tclass=file
permissive=0
* Define domain for the /system/bin/bootstat file.
init: Service exec 4 (/system/bin/bootstat) does not have a SELinux
domain defined.
Bug: 21724738
Change-Id: I4baa2fa7466ac35a1ced79776943c07635ec9804
12 lines
359 B
Plaintext
12 lines
359 B
Plaintext
# bootstat command
|
|
type bootstat, domain;
|
|
type bootstat_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(bootstat)
|
|
|
|
# Allow persistent storage in /data/misc/bootstat.
|
|
allow bootstat bootstat_data_file:dir rw_dir_perms;
|
|
allow bootstat bootstat_data_file:file create_file_perms;
|
|
|
|
# Read access to pseudo filesystems (for /proc/uptime).
|
|
r_dir_file(bootstat, proc) |