From ac3c61eb403f9857d290956acfd484525e9fc053 Mon Sep 17 00:00:00 2001
From: Connor O'Brien <connoro@google.com>
Date: Fri, 17 Nov 2017 15:40:51 -0800
Subject: [PATCH] selinux: set proc_uid_time_in_state type for /proc/uid

/proc/uid/ provides the same per-uid time_in_state data as
/proc/uid_time_in_state, so apply the same type and let system_server
read directories of this type.

Bug: 66953705
Test: system_server can read /proc/uid/*/time_in_state files without
denials on sailfish
Change-Id: Iab7fd018c5296e8c0140be81c14e5bae9e0acb0b
Signed-off-by: Connor O'Brien <connoro@google.com>
---
 private/genfs_contexts   | 1 +
 private/system_server.te | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/private/genfs_contexts b/private/genfs_contexts
index 09da56d41..b76b14575 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -68,6 +68,7 @@ genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
 genfscon proc /timer_list u:object_r:proc_timer:s0
 genfscon proc /timer_stats u:object_r:proc_timer:s0
 genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
+genfscon proc /uid/ u:object_r:proc_uid_time_in_state:s0
 genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
 genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
 genfscon proc /uid_io/stats u:object_r:proc_uid_io_stats:s0
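Review bot: The new `/uid/` entry labels by prefix, so every node under /proc/uid/ (each per-uid directory and any file a kernel later adds beside time_in_state) gets proc_uid_time_in_state and becomes readable by every domain already allowed that type. The trailing slash looks deliberate: as far as I know genfscon matches on path prefix, so a bare `/uid` would also catch unlisted /proc/uid_* nodes. It probably also leaves the /proc/uid directory itself with the default proc label. I would add a comment above the line, e.g. `# Trailing slash: label only nodes under /proc/uid/, not /proc/uid_* siblings.`, and confirm that no per-uid file other than time_in_state is expected under that directory.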
diff --git a/private/system_server.te b/private/system_server.te
index 1d1b92be9..65fb7dec5 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -698,6 +698,8 @@ allow system_server {
   proc_vmallocinfo
 }:file r_file_perms;
 
+allow system_server proc_uid_time_in_state:dir r_dir_perms;
+
 r_dir_file(system_server, rootfs)
 
 ### Rules needed when Light HAL runs inside system_server process.
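Review bot: The added `allow system_server proc_uid_time_in_state:dir r_dir_perms;` carries no comment saying which path needs it, although the rule only makes sense together with the genfs_contexts change in this commit. A line such as `# /proc/uid/<uid>/ directories are labeled proc_uid_time_in_state; needed to reach time_in_state.` above it would keep the grant auditable. The matching file read is not visible here. It is presumably covered by the `allow system_server { ... }:file r_file_perms;` block that starts outside this hunk, which is worth confirming since the commit adds only the dir class.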
-- 
GitLab