From a8a1faae7b36ab6ffd23900ca97f342afaf27702 Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Wed, 10 Feb 2016 17:05:23 -0800
Subject: [PATCH] Auditallow untrusted_app procfs access.

Access to proc is being removed but there are still some consumers.  Add
an auditallow to identify them and adjust labels appropriately before
removal.

Change-Id: I853b79bf0f22a71ea5c6c48641422c2daf247df5
---
 untrusted_app.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/untrusted_app.te b/untrusted_app.te
index 2077e83be..2d85bfcea 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -96,6 +96,8 @@ dontaudit untrusted_app exec_type:file getattr;
 # TODO: access of /proc/meminfo, give specific label or switch to
 # using meminfo service
 allow untrusted_app proc:file r_file_perms;
+# https://code.google.com/p/chromium/issues/detail?id=586021
+auditallow untrusted_app proc:file r_file_perms;
 # access /proc/net/xt_qtguid/stats
 r_dir_file(untrusted_app, proc_net)
 
-- 
GitLab