bootstat: Fix the SELinux policy after removing domain_deprecated.

* Allow reading /proc. type=1400 audit(1453834004.239:7): avc: denied { read } for pid=1305 comm="bootstat" name="uptime" dev="proc" ino=4026536600 scontext=u:r:bootstat:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 * Define domain for the /system/bin/bootstat file. init: Service exec 4 (/system/bin/bootstat) does not have a SELinux domain defined. Bug: 21724738 Change-Id: I4baa2fa7466ac35a1ced79776943c07635ec9804

bootstat: Fix the SELinux policy after removing domain_deprecated.
2e8d71c3 · James Hawkins · 2fdeab37 · 2e8d71c3 · 2e8d71c3
Commit 2e8d71c3 authored 9 years ago by James Hawkins
--- a/bootstat.te
+++ b/bootstat.te
@@ -7,3 +7,6 @@ init_daemon_domain(bootstat)
 # Allow persistent storage in /data/misc/bootstat.
 allow bootstat bootstat_data_file:dir rw_dir_perms;
 allow bootstat bootstat_data_file:file create_file_perms;
+# Read access to pseudo filesystems (for /proc/uptime).
+r_dir_file(bootstat, proc)
\ No newline at end of file
--- a/file_contexts
+++ b/file_contexts
@@ -154,6 +154,7 @@
 /system/bin/sh		--	u:object_r:shell_exec:s0
 /system/bin/run-as	--	u:object_r:runas_exec:s0
 /system/bin/bootanimation u:object_r:bootanim_exec:s0
+/system/bin/bootstat		u:object_r:bootstat_exec:s0
 /system/bin/app_process32	u:object_r:zygote_exec:s0
 /system/bin/app_process64	u:object_r:zygote_exec:s0
 /system/bin/servicemanager	u:object_r:servicemanager_exec:s0