From 9a28f90d6a36d3627ff525a6f3ac160039b27b5e Mon Sep 17 00:00:00 2001
From: Sylvain Chouleur <sylvain.chouleur@intel.com>
Date: Wed, 27 Jan 2016 16:27:23 +0100
Subject: [PATCH] init: allow to access console-ramoops with newer kernels

Since linux 3.18, commit 68c4a4f8abc60c9440ede9cd123d48b78325f7a3 has
been integrated and requires syslog_read capability a process accessing
console-ramoops file.

sepolicy must be adapted to this new requirement.

Change-Id: Ib4032a6bd96b1828a0154edc8fb510e3c1d3bdc2
Signed-off-by: Sylvain Chouleur <sylvain.chouleur@intel.com>
---
 init.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/init.te b/init.te
index 7346d9a34..1baeeeeb6 100644
--- a/init.te
+++ b/init.te
@@ -266,6 +266,7 @@ allow init metadata_block_device:blk_file rw_file_perms;
 # by dm-verity detecting corrupted blocks
 allow init pstorefs:dir search;
 allow init pstorefs:file r_file_perms;
+allow init kernel:system syslog_read;
 
 # linux keyring configuration
 allow init init:key { write search setattr };
-- 
GitLab