logd: grant perms from domain_deprecated

In preparation of removing permissions from domain_deprecated. Addresses: avc: denied { read } for name="psched" dev="proc" ino=4026536519 scontext=u:r:logd:s0 tcontext=u:object_r:proc_net:s0 tclass=file permissive=1 avc: denied { open } for path="/proc/147/net/psched" dev="proc" ino=4026536519 scontext=u:r:logd:s0 tcontext=u:object_r:proc_net:s0 tclass=file permissive=1 avc: denied { getattr } for path="/proc/147/net/psched" dev="proc" ino=4026536519 scontext=u:r:logd:s0 tcontext=u:object_r:proc_net:s0 tclass=file permissive=1 avc: denied { read } for name="kmsg" dev="proc" ino=4026536603 scontext=u:r:logd:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 avc: denied { open } for path="/proc/kmsg" dev="proc" ino=4026536603 scontext=u:r:logd:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 avc: denied { getattr } for path="/proc/meminfo" dev="proc" ino=4026536598 scontext=u:r:logd:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 Change-Id: Iaa67a6b8369c0449b09b64b807bc5819d6d68f02

logd: grant perms from domain_deprecated
2f3979a7 · Jeff Vander Stoep · cdae042a · 2f3979a7
Commit 2f3979a7 authored 9 years ago by Jeff Vander Stoep
--- a/logd.te
+++ b/logd.te
@@ -4,6 +4,10 @@ type logd_exec, exec_type, file_type;

 init_daemon_domain(logd)

+# Read access to pseudo filesystems.
+r_dir_file(logd, proc)
+r_dir_file(logd, proc_net)
+
 allow logd self:capability { setuid setgid sys_nice audit_control };
 allow logd self:capability2 syslog;
 allow logd self:netlink_audit_socket { create_socket_perms nlmsg_write };