ueventd: allow reading kernel cmdline
This is needed when ueventd needs to read device tree files (/proc/device-tree). Prior to access, it tries to read "androidboot.android_dt_dir" from kernel cmdline for a custom Android DT path. Bug: 78613232 Test: boot a device without unknown SELinux denials Change-Id: Iff9c882b4fcad5e384757a1e42e4a1d1259bb574
parent
f8b60abfeb
commit
98ef2abb12
1 changed files with 3 additions and 0 deletions
|
@ -36,6 +36,9 @@ allow ueventd file_contexts_file:file r_file_perms;
|
|||
# Use setfscreatecon() to label /dev directories and files.
|
||||
allow ueventd self:process setfscreate;
|
||||
|
||||
# Allow ueventd to read androidboot.android_dt_dir from kernel cmdline.
|
||||
allow ueventd proc_cmdline:file r_file_perms;
|
||||
|
||||
#####
|
||||
##### neverallow rules
|
||||
#####
|
||||
|
|
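Review bot: The added `allow ueventd proc_cmdline:file r_file_perms;` makes the whole kernel command line readable to ueventd, not only the `androidboot.android_dt_dir` key that the new comment names, and the comment does not record why ueventd needs that key. I would extend the comment to something like `# ueventd looks up androidboot.android_dt_dir in the kernel cmdline before reading /proc/device-tree; this grants read on the whole file.` so that a later audit of proc_cmdline readers can see the grant is deliberate and what it is for. The neverallow section starts right after the added lines and continues outside the hunk, so whether any neverallow there constrains this domain's access cannot be checked from here.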