Skip to content
Snippets Groups Projects
Commit e629b7eb authored by Jeff Vander Stoep's avatar Jeff Vander Stoep Committed by Jeffrey Vander Stoep
Browse files

Allow recovery to read /proc/cmdline 

avc:  denied  { read } for  pid=446 comm="recovery" name="cmdline"
dev="proc" scontext=u:r:recovery:s0
tcontext=u:object_r:proc_cmdline:s0 tclass=file

Test: build
Bug: 66497047
Change-Id: I9f48db88bed0d6ac76fa2808a4913857230a5d4b
parent 2f6e66ff
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 0 deletions
public/recovery.te
+ 2
0
View file @ e629b7eb
...@@ -134,6 +134,8 @@ recovery_only(` ...@@ -134,6 +134,8 @@ recovery_only(`
# This line seems suspect, as it should not really need to # This line seems suspect, as it should not really need to
# set scheduling parameters for a kernel domain task. # set scheduling parameters for a kernel domain task.
allow recovery kernel:process setsched; allow recovery kernel:process setsched;
allow recovery proc_cmdline:file r_file_perms;
') ')
### ###
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment