From d5892b4c3151721f032e75979161bddb89b3a146 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Mon, 16 Mar 2015 11:43:22 -0400
Subject: [PATCH] Allow shell to read /proc/pid/attr/current for ps -Z.

Needed since Iff1e601e1268d4d77f64788d733789a2d2cd18cc removed it
from appdomain.

Change-Id: I9fc08b525b9868f0fb703b99b0c0c17ca8b656f9
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 shell.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/shell.te b/shell.te
index 8cfe9ac43..cfadf77c9 100644
--- a/shell.te
+++ b/shell.te
@@ -66,6 +66,9 @@ service_manager_local_audit_domain(shell)
 allow shell domain:dir { search open read getattr };
 allow shell domain:{ file lnk_file } { open read getattr };
 
+# allow shell to read /proc/pid/attr/current for ps -Z
+allow shell domain:process getattr;
+
 # enable shell domain to read/write files/dirs for bootchart data
 # User will creates the start and stop file via adb shell
 # and read other files created by init process under /data/bootchart
-- 
GitLab