Move some perms back to domain

libselinux stats selinuxfs, as does every process that links against libselinux such as toolbox. grant: allow domain selinuxfs:filesystem getattr; domain is already granted: allow domain self:dir r_dir_perms; allow domain self:lnk_file r_file_perms; allow domain self:{ fifo_file file } rw_file_perms; To make these possible, also grant: allow domain proc:dir search; Change-Id: Ife6cfa2124c9d61bf908ac89a8444676acdb4259

Move some perms back to domain
aef68b77 · Jeff Vander Stoep · 29a1e43e · aef68b77
Commit aef68b77 authored 9 years ago by Jeff Vander Stoep
--- a/domain.te
+++ b/domain.te
@@ -22,6 +22,7 @@ allow domain self:process {
    setrlimit
 };
 allow domain self:fd use;
+allow domain proc:dir search;
 allow domain self:dir r_dir_perms;
 allow domain self:lnk_file r_file_perms;
 allow domain self:{ fifo_file file } rw_file_perms;
@@ -96,6 +97,7 @@ allow domain proc:lnk_file read;
 # toybox loads libselinux which stats /sys/fs/selinux/
 allow domain selinuxfs:file getattr;
 allow domain sysfs:dir search;
+allow domain selinuxfs:filesystem getattr;

 ###
 ### neverallow rules