Allow shell to read /proc/pid/attr/current for ps -Z.

Needed since Iff1e601e1268d4d77f64788d733789a2d2cd18cc removed it from appdomain. Change-Id: I9fc08b525b9868f0fb703b99b0c0c17ca8b656f9 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-16 11:43:22 -04:00 · 2015-03-16 11:43:22 -04:00 · d5892b4c31
commit d5892b4c31
parent 2cba1ee10d
1 changed files with 3 additions and 0 deletions
--- a/shell.te
+++ b/shell.te
@ -66,6 +66,9 @@ service_manager_local_audit_domain(shell)
 allow shell domain:dir { search open read getattr };
 allow shell domain:{ file lnk_file } { open read getattr };

+# allow shell to read /proc/pid/attr/current for ps -Z
+allow shell domain:process getattr;
+
 # enable shell domain to read/write files/dirs for bootchart data
 # User will creates the start and stop file via adb shell
 # and read other files created by init process under /data/bootchart