Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid

am: 640e595a Change-Id: I28742acc058dd9ac0241d5a176255fd1a42a920c

Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid
fe555482 · Luis Hector Chavez · android-build-merger · 4a164370 · 640e595a · fe555482
Commit fe555482 authored 7 years ago by Luis Hector Chavez Committed by android-build-merger 7 years ago
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -455,6 +455,7 @@
    proc_kmsg
    proc_loadavg
    proc_mounts
+    proc_overflowuid
    proc_page_cluster
    proc_pagetypeinfo
    proc_random

--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -31,6 +31,7 @@ genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
 genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
+genfscon proc /sys/kernel/overflowuid u:object_r:proc_overflowuid:s0
 genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
 genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/random u:object_r:proc_random:s0

--- a/public/file.te
+++ b/public/file.te
@@ -26,6 +26,7 @@ type proc_misc, fs_type;
 type proc_modules, fs_type;
 type proc_mounts, fs_type;
 type proc_net, fs_type;
+type proc_overflowuid, fs_type;
 type proc_page_cluster, fs_type;
 type proc_pagetypeinfo, fs_type;
 type proc_perf, fs_type;

--- a/public/hal_usb.te
+++ b/public/hal_usb.te
@@ -15,4 +15,5 @@ allow hal_usb sysfs:file read;
 allow hal_usb sysfs:file open;
 allow hal_usb sysfs:file write;
 allow hal_usb sysfs:file getattr;
+allow hal_usb proc_overflowuid:file r_file_perms;
--- a/public/healthd.te
+++ b/public/healthd.te
@@ -55,6 +55,7 @@ allow healthd tty_device:chr_file rw_file_perms;
 allow healthd ashmem_device:chr_file execute;
 allow healthd self:process execmem;
 allow healthd proc_sysrq:file rw_file_perms;
+allow healthd proc_overflowuid:file r_file_perms;
 add_service(healthd, batteryproperties_service)

--- a/public/init.te
+++ b/public/init.te
@@ -280,6 +280,9 @@ allow init proc_cmdline:file r_file_perms;
 # Write to /proc/sys/vm/page-cluster
 allow init proc_page_cluster:file w_file_perms;
+# Read /proc/sys/kernel/overflowuid
+allow init proc_overflowuid:file r_file_perms;
 # Reboot.
 allow init self:capability sys_boot;

--- a/public/netd.te
+++ b/public/netd.te
@@ -37,6 +37,9 @@ r_dir_file(netd, proc_net)
 # For /proc/sys/net/ipv[46]/route/flush.
 allow netd proc_net:file rw_file_perms;
+# Access for /proc/sys/kernel/overflowuid.
+allow netd proc_overflowuid:file r_file_perms;
 # Enables PppController and interface enumeration (among others)
 allow netd sysfs:dir r_dir_perms;
 r_dir_file(netd, sysfs_net)

--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -36,6 +36,9 @@ allow ueventd file_contexts_file:file r_file_perms;
 # Use setfscreatecon() to label /dev directories and files.
 allow ueventd self:process setfscreate;
+# Access for /proc/sys/kernel/overflowuid.
+allow ueventd proc_overflowuid:file r_file_perms;
 #####
 ##### neverallow rules
 #####

--- a/public/vold.te
+++ b/public/vold.te
@@ -24,6 +24,7 @@ allow vold {
  proc_filesystems
  proc_meminfo
  proc_mounts
+  proc_overflowuid
 }:file r_file_perms;
 #Get file contexts