Something went wrong on our end
-
dcashman authoredAbility to read all of proc was placed in domain_deprecated with the intention of reducing information leaking from proc. Many processes try to read proc dirs, though. Allow this with the belief that information leakage is from the proc files themselves rather than dir structure. Address the following denial: avc: denied { read } for name="/" dev="proc" ino=1 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc:s0 tclass=dir permissive=0 Bug: 26833472 Change-Id: I975ae022c093e1cf80de21487dc11e49f938e5a3dcashman authoredAbility to read all of proc was placed in domain_deprecated with the intention of reducing information leaking from proc. Many processes try to read proc dirs, though. Allow this with the belief that information leakage is from the proc files themselves rather than dir structure. Address the following denial: avc: denied { read } for name="/" dev="proc" ino=1 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc:s0 tclass=dir permissive=0 Bug: 26833472 Change-Id: I975ae022c093e1cf80de21487dc11e49f938e5a3