From 99c78bf2fdde7e765fc667043b0afaa49c9098e5 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 8 Dec 2015 07:07:42 -0800
Subject: [PATCH] shell.te: Restore /proc/net access

The removal of domain_deprecated from the shell user in
https://android-review.googlesource.com/184260 removed /proc/net access.
Restore it.

Bug: 26075092
Change-Id: Iac21a1ec4b9e769c068bfdcdeeef8a7dbc93c593
---
 shell.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/shell.te b/shell.te
index cc2783cd7..6eb7e5626 100644
--- a/shell.te
+++ b/shell.te
@@ -93,8 +93,9 @@ allow shell servicemanager:service_manager list;
 # don't allow shell to access GateKeeper service
 allow shell { service_manager_type -gatekeeper_service }:service_manager find;
 
-# allow shell to look through /proc/ for ps, top
+# allow shell to look through /proc/ for ps, top, netstat
 r_dir_file(shell, proc)
+r_dir_file(shell, proc_net)
 r_dir_file(shell, cgroup)
 allow shell domain:dir { search open read getattr };
 allow shell domain:{ file lnk_file } { open read getattr };
-- 
GitLab