From 5833e3f5ca04e88629e3bd76331fa0ab42d568f4 Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Tue, 26 Jan 2016 16:56:24 -0800
Subject: [PATCH] Restore untrusted_app proc_net access.

Address the following denial:
type=1400 audit(0.0:853): avc: denied { read } for name="/" dev="proc" ino=1 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc:s0 tclass=dir permissive=0

Bug: 26806629
Change-Id: Ic2ad91aadac00dc04d7e04f7460d5681d81134f4
---
 untrusted_app.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/untrusted_app.te b/untrusted_app.te
index 7aedc3915..a92323e96 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -92,6 +92,8 @@ dontaudit untrusted_app exec_type:file getattr;
 # TODO: access of /proc/meminfo, give specific label or switch to
 # using meminfo service
 allow untrusted_app proc:file r_file_perms;
+# access /proc/net/xt_qtguid/stats
+r_dir_file(untrusted_app, proc_net)
 
 ###
 ### neverallow rules
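Review bot: The added `r_dir_file(untrusted_app, proc_net)` is wider than its comment states: it grants directory and file read on everything labelled `proc_net`, not only `/proc/net/xt_qtguid/stats`. Any other entry under that label describing system-wide network state therefore becomes readable to every untrusted app. If only the stats file is needed, give it its own label, as the TODO just above proposes for /proc/meminfo, and record the intent with `# TODO: proc_net is broader than xt_qtguid/stats; give the stats file a specific label and narrow this rule`. The denial quoted in the commit message is a `dir` read with `tcontext=u:object_r:proc:s0`, which a rule on `proc_net` does not appear to cover, so confirm the denial is actually gone with the patch applied. The neverallow section that follows is outside the hunk, so whether it constrains this grant cannot be checked from here.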
-- 
GitLab