From 87ed5e8dbf220fd36471bdfbd42bf692c0371fc1 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Wed, 13 Sep 2017 14:34:56 -0700
Subject: [PATCH] Explicitly label logd's dependencies in /proc.

labeled /proc/kmsg as proc_kmsg, changed logd's access from proc to
proc_kmsg, and added a compat mapping.

Bug: 65643247
Test: device boots without selinux denials to the newly introduced proc_kmsg
Test: logd-unit-tests passes

Merged-In: I92c9f5694289eb6a94c4d90f14e2de4d46b5228e
Change-Id: I92c9f5694289eb6a94c4d90f14e2de4d46b5228e
(partial CP of commit 528da6fe3a0dbe4ae15355dff0152ab5f55197da)
---
 private/genfs_contexts | 1 +
 public/file.te         | 1 +
 public/logd.te         | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/private/genfs_contexts b/private/genfs_contexts
index 3914cec7d..9f6ef5d87 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -5,6 +5,7 @@ genfscon proc / u:object_r:proc:s0
 genfscon proc /config.gz u:object_r:config_gz:s0
 genfscon proc /interrupts u:object_r:proc_interrupts:s0
 genfscon proc /iomem u:object_r:proc_iomem:s0
+genfscon proc /kmsg u:object_r:proc_kmsg:s0
 genfscon proc /meminfo u:object_r:proc_meminfo:s0
 genfscon proc /misc u:object_r:proc_misc:s0
 genfscon proc /modules u:object_r:proc_modules:s0
diff --git a/public/file.te b/public/file.te
index a525090cf..4a6feb8dd 100644
--- a/public/file.te
+++ b/public/file.te
@@ -15,6 +15,7 @@ type proc_bluetooth_writable, fs_type;
 type proc_cpuinfo, fs_type;
 type proc_interrupts, fs_type;
 type proc_iomem, fs_type;
+type proc_kmsg, fs_type;
 type proc_meminfo, fs_type;
 type proc_misc, fs_type;
 type proc_modules, fs_type;
diff --git a/public/logd.te b/public/logd.te
index 62bff9739..c47bfd744 100644
--- a/public/logd.te
+++ b/public/logd.te
@@ -4,7 +4,7 @@ type logd_exec, exec_type, file_type;
 
 # Read access to pseudo filesystems.
 r_dir_file(logd, cgroup)
-r_dir_file(logd, proc)
+r_dir_file(logd, proc_kmsg)
 r_dir_file(logd, proc_meminfo)
 r_dir_file(logd, proc_net)
 
-- 
GitLab