From 99c78bf2fdde7e765fc667043b0afaa49c9098e5 Mon Sep 17 00:00:00 2001 From: Nick Kralevich <nnk@google.com> Date: Tue, 8 Dec 2015 07:07:42 -0800 Subject: [PATCH] shell.te: Restore /proc/net access The removal of domain_deprecated from the shell user in https://android-review.googlesource.com/184260 removed /proc/net access. Restore it. Bug: 26075092 Change-Id: Iac21a1ec4b9e769c068bfdcdeeef8a7dbc93c593 --- shell.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/shell.te b/shell.te index cc2783cd7..6eb7e5626 100644 --- a/shell.te +++ b/shell.te @@ -93,8 +93,9 @@ allow shell servicemanager:service_manager list; # don't allow shell to access GateKeeper service allow shell { service_manager_type -gatekeeper_service }:service_manager find; -# allow shell to look through /proc/ for ps, top +# allow shell to look through /proc/ for ps, top, netstat r_dir_file(shell, proc) +r_dir_file(shell, proc_net) r_dir_file(shell, cgroup) allow shell domain:dir { search open read getattr }; allow shell domain:{ file lnk_file } { open read getattr }; -- GitLab