From 62e6850a2be1954148e5282cb773ea22cca4b214 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Thu, 15 Feb 2018 18:07:18 -0800
Subject: [PATCH] proc_type attribute for files under /proc.

With this attribute it will be easier to reference /proc files.

Bug: 74182216
Test: policy builds
Change-Id: I5b7da508d821e45f122832261a742a201e8fdf2c
(cherry picked from commit 41bf08e592fd3ef8e3dcc9a9eccc99e6a7753e8a)
---
 private/file.te   |   2 +-
 public/attributes |   5 ++-
 public/file.te    | 112 +++++++++++++++++++++++-----------------------
 3 files changed, 61 insertions(+), 58 deletions(-)

diff --git a/private/file.te b/private/file.te
index 0dcf25461..fda972b48 100644
--- a/private/file.te
+++ b/private/file.te
@@ -1,5 +1,5 @@
 # /proc/config.gz
-type config_gz, fs_type;
+type config_gz, fs_type, proc_type;
 
 # /data/misc/stats-data, /data/misc/stats-service
 type stats_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/public/attributes b/public/attributes
index 4afc27f58..159d28e4e 100644
--- a/public/attributes
+++ b/public/attributes
@@ -36,7 +36,10 @@ expandattribute core_data_file_type false;
 # All types in /vendor
 attribute vendor_file_type;
 
-# All types use for sysfs files.
+# All types used for procfs files.
+attribute proc_type;
+
+# All types used for sysfs files.
 attribute sysfs_type;
 
 # All types use for debugfs files.
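Review bot: Nothing visible in this patch enforces membership of `proc_type`; the attribute is declared here and then attached by hand to each type in file.te. A proc type declared later without it, for instance in device-specific policy, would silently fall outside any neverallow or audit rule written against the attribute. I would state the contract in the comment, e.g. `# All types used for procfs files. Every type assigned to a /proc path in genfs_contexts must carry this attribute.`, and consider a build-time check that compares genfs_contexts proc entries with the attribute's members. The neighbouring `# All types use for debugfs files.` still has the typo this hunk fixes for sysfs.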
diff --git a/public/file.te b/public/file.te
index 713f8c0e3..c0ea4d867 100644
--- a/public/file.te
+++ b/public/file.te
@@ -3,65 +3,65 @@ type labeledfs, fs_type;
 type pipefs, fs_type;
 type sockfs, fs_type;
 type rootfs, fs_type;
-type proc, fs_type;
+type proc, fs_type, proc_type;
 # Security-sensitive proc nodes that should not be writable to most.
-type proc_security, fs_type;
-type proc_drop_caches, fs_type;
-type proc_overcommit_memory, fs_type;
-type proc_min_free_order_shift, fs_type;
+type proc_security, fs_type, proc_type;
+type proc_drop_caches, fs_type, proc_type;
+type proc_overcommit_memory, fs_type, proc_type;
+type proc_min_free_order_shift, fs_type, proc_type;
 # proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
-type usermodehelper, fs_type;
+type usermodehelper, fs_type, proc_type;
 type sysfs_usermodehelper, fs_type, sysfs_type;
-type qtaguid_proc, fs_type, mlstrustedobject;
-type proc_qtaguid_stat, fs_type, mlstrustedobject;
-type proc_bluetooth_writable, fs_type;
-type proc_abi, fs_type;
-type proc_asound, fs_type;
-type proc_buddyinfo, fs_type;
-type proc_cmdline, fs_type;
-type proc_cpuinfo, fs_type;
-type proc_dirty, fs_type;
-type proc_diskstats, fs_type;
-type proc_extra_free_kbytes, fs_type;
-type proc_filesystems, fs_type;
-type proc_hostname, fs_type;
-type proc_hung_task, fs_type;
-type proc_interrupts, fs_type;
-type proc_iomem, fs_type;
-type proc_kmsg, fs_type;
-type proc_loadavg, fs_type;
-type proc_max_map_count, fs_type;
-type proc_meminfo, fs_type;
-type proc_misc, fs_type;
-type proc_modules, fs_type;
-type proc_mounts, fs_type;
-type proc_net, fs_type;
-type proc_page_cluster, fs_type;
-type proc_pagetypeinfo, fs_type;
-type proc_panic, fs_type;
-type proc_perf, fs_type;
-type proc_pid_max, fs_type;
-type proc_pipe_conf, fs_type;
-type proc_random, fs_type;
-type proc_sched, fs_type;
-type proc_stat, fs_type;
-type proc_swaps, fs_type;
-type proc_sysrq, fs_type;
-type proc_timer, fs_type;
-type proc_tty_drivers, fs_type;
-type proc_uid_cputime_showstat, fs_type;
-type proc_uid_cputime_removeuid, fs_type;
-type proc_uid_io_stats, fs_type;
-type proc_uid_procstat_set, fs_type;
-type proc_uid_time_in_state, fs_type;
-type proc_uid_concurrent_active_time, fs_type;
-type proc_uid_concurrent_policy_time, fs_type;
-type proc_uid_cpupower, fs_type;
-type proc_uptime, fs_type;
-type proc_version, fs_type;
-type proc_vmallocinfo, fs_type;
-type proc_vmstat, fs_type;
-type proc_zoneinfo, fs_type;
+type qtaguid_proc, fs_type, mlstrustedobject, proc_type;
+type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
+type proc_bluetooth_writable, fs_type, proc_type;
+type proc_abi, fs_type, proc_type;
+type proc_asound, fs_type, proc_type;
+type proc_buddyinfo, fs_type, proc_type;
+type proc_cmdline, fs_type, proc_type;
+type proc_cpuinfo, fs_type, proc_type;
+type proc_dirty, fs_type, proc_type;
+type proc_diskstats, fs_type, proc_type;
+type proc_extra_free_kbytes, fs_type, proc_type;
+type proc_filesystems, fs_type, proc_type;
+type proc_hostname, fs_type, proc_type;
+type proc_hung_task, fs_type, proc_type;
+type proc_interrupts, fs_type, proc_type;
+type proc_iomem, fs_type, proc_type;
+type proc_kmsg, fs_type, proc_type;
+type proc_loadavg, fs_type, proc_type;
+type proc_max_map_count, fs_type, proc_type;
+type proc_meminfo, fs_type, proc_type;
+type proc_misc, fs_type, proc_type;
+type proc_modules, fs_type, proc_type;
+type proc_mounts, fs_type, proc_type;
+type proc_net, fs_type, proc_type;
+type proc_page_cluster, fs_type, proc_type;
+type proc_pagetypeinfo, fs_type, proc_type;
+type proc_panic, fs_type, proc_type;
+type proc_perf, fs_type, proc_type;
+type proc_pid_max, fs_type, proc_type;
+type proc_pipe_conf, fs_type, proc_type;
+type proc_random, fs_type, proc_type;
+type proc_sched, fs_type, proc_type;
+type proc_stat, fs_type, proc_type;
+type proc_swaps, fs_type, proc_type;
+type proc_sysrq, fs_type, proc_type;
+type proc_timer, fs_type, proc_type;
+type proc_tty_drivers, fs_type, proc_type;
+type proc_uid_cputime_showstat, fs_type, proc_type;
+type proc_uid_cputime_removeuid, fs_type, proc_type;
+type proc_uid_io_stats, fs_type, proc_type;
+type proc_uid_procstat_set, fs_type, proc_type;
+type proc_uid_time_in_state, fs_type, proc_type;
+type proc_uid_concurrent_active_time, fs_type, proc_type;
+type proc_uid_concurrent_policy_time, fs_type, proc_type;
+type proc_uid_cpupower, fs_type, proc_type;
+type proc_uptime, fs_type, proc_type;
+type proc_version, fs_type, proc_type;
+type proc_vmallocinfo, fs_type, proc_type;
+type proc_vmstat, fs_type, proc_type;
+type proc_zoneinfo, fs_type, proc_type;
 type selinuxfs, fs_type, mlstrustedobject;
 type cgroup, fs_type, mlstrustedobject;
 type cgroup_bpf, fs_type;
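Review bot: `proc_type` now puts the types listed under the "Security-sensitive proc nodes that should not be writable to most" comment, plus `usermodehelper`, in the same set as informational nodes such as `proc_uptime` and `proc_version`. An allow rule written on the whole attribute would therefore cover all of them at once. A comment above `type proc, fs_type, proc_type;` would make the intended use explicit, e.g. `# proc_type is for neverallow rules and set subtraction (proc_type -proc_security ...); avoid allow rules on the whole attribute.` Separately, the comment above `usermodehelper` still describes it as covering "proc, sysfs, or other nodes", although the type is now tagged `proc_type` only and `sysfs_usermodehelper` exists for sysfs; that wording should be narrowed to match. The type list continues outside this hunk.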
-- 
GitLab