Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid am: 640e595a68

am: fe5554828e Change-Id: I475310efa292fd28093c34b231b3d6ff7c406421
2017-11-08 01:51:50 +00:00 · 2017-11-08 01:51:50 +00:00 · 4953e49c69
commit 4953e49c69
parent 156c764dc8 fe5554828e
9 changed files with 15 additions and 0 deletions
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@ -455,6 +455,7 @@
    proc_kmsg
    proc_loadavg
    proc_mounts
    proc_overflowuid
    proc_page_cluster
    proc_pagetypeinfo
    proc_random
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@ -31,6 +31,7 @@ genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
 genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
 genfscon proc /sys/kernel/overflowuid u:object_r:proc_overflowuid:s0
 genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
 genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/random u:object_r:proc_random:s0
--- a/public/file.te
+++ b/public/file.te
@ -26,6 +26,7 @@ type proc_misc, fs_type;
 type proc_modules, fs_type;
 type proc_mounts, fs_type;
 type proc_net, fs_type;
 type proc_overflowuid, fs_type;
 type proc_page_cluster, fs_type;
 type proc_pagetypeinfo, fs_type;
 type proc_perf, fs_type;
--- a/public/hal_usb.te
+++ b/public/hal_usb.te
@ -15,4 +15,5 @@ allow hal_usb sysfs:file read;
 allow hal_usb sysfs:file open;
 allow hal_usb sysfs:file write;
 allow hal_usb sysfs:file getattr;
 allow hal_usb proc_overflowuid:file r_file_perms;
--- a/public/healthd.te
+++ b/public/healthd.te
@ -55,6 +55,7 @@ allow healthd tty_device:chr_file rw_file_perms;
 allow healthd ashmem_device:chr_file execute;
 allow healthd self:process execmem;
 allow healthd proc_sysrq:file rw_file_perms;
 allow healthd proc_overflowuid:file r_file_perms;
 add_service(healthd, batteryproperties_service)
--- a/public/init.te
+++ b/public/init.te
@ -280,6 +280,9 @@ allow init proc_cmdline:file r_file_perms;
 # Write to /proc/sys/vm/page-cluster
 allow init proc_page_cluster:file w_file_perms;
 # Read /proc/sys/kernel/overflowuid
 allow init proc_overflowuid:file r_file_perms;
 # Reboot.
 allow init self:capability sys_boot;
--- a/public/netd.te
+++ b/public/netd.te
@ -37,6 +37,9 @@ r_dir_file(netd, proc_net)
 # For /proc/sys/net/ipv[46]/route/flush.
 allow netd proc_net:file rw_file_perms;
 # Access for /proc/sys/kernel/overflowuid.
 allow netd proc_overflowuid:file r_file_perms;
 # Enables PppController and interface enumeration (among others)
 allow netd sysfs:dir r_dir_perms;
 r_dir_file(netd, sysfs_net)
--- a/public/ueventd.te
+++ b/public/ueventd.te
@ -36,6 +36,9 @@ allow ueventd file_contexts_file:file r_file_perms;
 # Use setfscreatecon() to label /dev directories and files.
 allow ueventd self:process setfscreate;
 # Access for /proc/sys/kernel/overflowuid.
 allow ueventd proc_overflowuid:file r_file_perms;
 #####
 ##### neverallow rules
 #####
--- a/public/vold.te
+++ b/public/vold.te
@ -24,6 +24,7 @@ allow vold {
  proc_filesystems
  proc_meminfo
  proc_mounts
  proc_overflowuid
 }:file r_file_perms;
 #Get file contexts