From 335faf2b9b2d68d02223d1aedecf826bb9597f34 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Fri, 21 Feb 2014 11:39:30 -0500
Subject: [PATCH] Allow stat of /sys/module/lowmemorykiller files by
 system_server.

<5>[   43.929760] type=1400 audit(6342882.819:16): avc:  denied  { getattr } for  pid=779 comm="system_server" path="/sys/module/lowmemorykiller/parameters/adj" dev="sysfs" ino=6048 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_lowmemorykiller:s0 tclass=file

Change-Id: I48828ca26814c6376c9c71c368f3eff0f7a8f219
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 system_server.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system_server.te b/system_server.te
index 945b59bd8..ca95abf4a 100644
--- a/system_server.te
+++ b/system_server.te
@@ -255,4 +255,4 @@ allow system_server zygote:unix_dgram_socket write;
 # Be consistent with DAC permissions. Allow system_server to write to
 # /sys/module/lowmemorykiller/parameters/adj
 # /sys/module/lowmemorykiller/parameters/minfree
-allow system_server sysfs_lowmemorykiller:file w_file_perms;
+allow system_server sysfs_lowmemorykiller:file { getattr w_file_perms };
-- 
GitLab