Skip to content
Snippets Groups Projects
Commit abf31acb authored by dcashman's avatar dcashman
Browse files

Allow domain to read proc dirs. 

Ability to read all of proc was placed in domain_deprecated with the
intention of reducing information leaking from proc.  Many processes try
to read proc dirs, though.  Allow this with the belief that information
leakage is from the proc files themselves rather than dir structure.

Address the following denial:
avc: denied { read } for name="/" dev="proc" ino=1 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc:s0 tclass=dir permissive=0

Bug: 26833472
Change-Id: I975ae022c093e1cf80de21487dc11e49f938e5a3
parent 35a14514
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 1 deletion
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment