diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index a1e6b5fde83e7781ca1ed7f7248859bb91600446..e58fa4ed857c1998533a07779296cc9af19129c0 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -467,6 +467,7 @@
  proc_page_cluster
  proc_pagetypeinfo
  proc_panic
+ proc_pipe_conf
  proc_random
  proc_sched
  proc_swaps
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 9c08934d5bb0a729167783bbcaca387fbb276ad9..4f3a96ca6bd2e0ab5a541e027de163b0b317e9a3 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -24,6 +24,7 @@ genfscon proc /stat u:object_r:proc_stat:s0
 genfscon proc /swaps u:object_r:proc_swaps:s0
 genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
 genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
+genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
 genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
 genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
 genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
diff --git a/private/system_server.te b/private/system_server.te
index 93c6a57ee1c65dea180cd88a113b22a78060ea77..d2a0c5e28ef774427641d59c487f4e81e17f01d1 100644
--- a/private/system_server.te
+++ b/private/system_server.te
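Review bot: Relabeling /proc/sys/fs/pipe-max-size from the generic proc type to proc_pipe_conf removes that file from every existing allow rule on `proc`, and this diff re-grants read access only to system_server and dumpstate; any other domain that reads pipe-max-size (not visible from this diff) would start hitting a denial, so the rest of the policy and device audit logs should be checked before landing. The type name suggests pipe configuration in general, but only pipe-max-size is labeled here, while sibling sysctls in the same directory such as pipe-user-pages-soft and pipe-user-pages-hard would stay at the default proc label on kernels that expose them; either label them alongside or record the narrower scope in a comment above the new line, e.g. `# proc_pipe_conf covers pipe-max-size only; other pipe-* sysctls keep the generic proc label`.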
@@ -124,24 +124,15 @@ r_dir_file(system_server, domain) allow system_server qtaguid_proc:file rw_file_perms; allow system_server qtaguid_device:chr_file rw_file_perms; -# Read /proc/uid_cputime/show_uid_stat. -allow system_server proc_uid_cputime_showstat:file r_file_perms; - # Write /proc/uid_cputime/remove_uid_range. allow system_server proc_uid_cputime_removeuid:file { w_file_perms getattr }; # Write /proc/uid_procstat/set. allow system_server proc_uid_procstat_set:file { w_file_perms getattr }; -# Read /proc/uid_time_in_state. -allow system_server proc_uid_time_in_state:file r_file_perms; - # Write to /proc/sysrq-trigger. allow system_server proc_sysrq:file rw_file_perms; -# Read /proc/stat for CPU usage statistics -allow system_server proc_stat:file r_file_perms; - # Read /sys/kernel/debug/wakeup_sources. allow system_server debugfs:file r_file_perms; @@ -690,12 +681,19 @@ r_dir_file(system_server, cgroup) allow system_server ion_device:chr_file r_file_perms; r_dir_file(system_server, proc_asound) -r_dir_file(system_server, proc_loadavg) -r_dir_file(system_server, proc_meminfo) r_dir_file(system_server, proc_net) -r_dir_file(system_server, proc_pagetypeinfo) -r_dir_file(system_server, proc_version) -r_dir_file(system_server, proc_vmallocinfo) +allow system_server { + proc_loadavg + proc_meminfo + proc_pagetypeinfo + proc_pipe_conf + proc_stat + proc_uid_cputime_showstat + proc_uid_time_in_state + proc_version + proc_vmallocinfo +}:file r_file_perms; + r_dir_file(system_server, rootfs) ### Rules needed when Light HAL runs inside system_server process. diff --git a/public/dumpstate.te b/public/dumpstate.te index f8ef840c88efc92152cd841a800657a76d8870e6..772b63d76e96d45f0572154987785f022e144801 100644 --- a/public/dumpstate.te +++ b/public/dumpstate.te 
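Review bot: The consolidated `allow system_server { ... }:file r_file_perms;` block in the second hunk carries no comment, while the per-rule comments it replaces (`# Read /proc/stat for CPU usage statistics`, `# Read /proc/uid_time_in_state.`, `# Read /proc/uid_cputime/show_uid_stat.`, removed in the first hunk) were the only record of why system_server needs each of these files; add a comment above the block such as `# Read-only access to individual /proc nodes: load, memory and CPU statistics, per-uid cputime and time_in_state, and pipe-max-size.` Replacing the r_dir_file() macro calls with a bare `:file r_file_perms` rule also narrows what is granted, presumably dropping the dir and lnk_file permissions the macro expands to (its definition is not in this diff); that is the right direction for single-file proc nodes, but it is worth stating in the commit message so the change is not mistaken for a pure refactor.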
@@ -151,12 +151,15 @@ control_logd(dumpstate) read_runtime_log_tags(dumpstate) # Read files in /proc -allow dumpstate proc_cmdline:file r_file_perms; -allow dumpstate proc_meminfo:file r_file_perms; -allow dumpstate proc_net:file r_file_perms; -allow dumpstate proc_pagetypeinfo:file r_file_perms; -allow dumpstate proc_version:file r_file_perms; -allow dumpstate proc_vmallocinfo:file r_file_perms; +allow dumpstate { + proc_cmdline + proc_meminfo + proc_net + proc_pipe_conf + proc_pagetypeinfo + proc_version + proc_vmallocinfo +}:file r_file_perms; r_dir_file(dumpstate, proc) # Read network state info files.
diff --git a/public/file.te b/public/file.te
index 5353a3deca7e73d6e01765fcb2db3fa0b8afaf48..29bf9be3ef0b1399f9b2447caa51ab62ad3207e4 100644
--- a/public/file.te
+++ b/public/file.te
@@ -38,6 +38,7 @@ type proc_page_cluster, fs_type;
 type proc_pagetypeinfo, fs_type;
 type proc_panic, fs_type;
 type proc_perf, fs_type;
+type proc_pipe_conf, fs_type;
 type proc_random, fs_type;
 type proc_sched, fs_type;
 type proc_stat, fs_type;
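Review bot: `proc_pipe_conf` is inserted before `proc_pagetypeinfo` in the new `allow dumpstate { ... }:file r_file_perms;` set, breaking the alphabetical order that the rest of the set and the matching block in private/system_server.te keep; move it to follow `proc_pagetypeinfo`. Keeping these sets sorted makes later additions and neverallow audits easier to diff. It is also worth a short comment that the existing `r_dir_file(dumpstate, proc)` on the following line no longer reaches pipe-max-size once that file carries its own label, which is why the explicit grant is needed here.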