From c975bd904f7b65ae290162b04abb4468c3339347 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 27 Sep 2017 12:27:03 -0700
Subject: [PATCH] Allow system settings to read /proc/version

Used to display kernel version in settings app.

avc: denied { read } for name="version" dev="proc"
scontext=u:r:system_app:s0 tcontext=u:object_r:proc_version:s0
tclass=file permissive=0

Bug: 66985744
Test: kernel version now displayed in settings app.
Change-Id: I53f92f63362b900347fd393a40d70ccf5d220d30
---
 private/system_app.te | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/private/system_app.te b/private/system_app.te
index 9d2ee2898..904b8518d 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -92,7 +92,10 @@ allow system_app keystore:keystore_key {
 r_dir_file(system_app, sysfs_type)
 
 # settings app reads /proc/version and /proc/pagetypeinfo
-allow system_app proc:file r_file_perms;
+allow system_app {
+  proc
+  proc_version
+}:file r_file_perms;
 
 control_logd(system_app)
 read_runtime_log_tags(system_app)
-- 
GitLab