Merge "uncrypt: allow reading /proc/bootconfig" am: 17a5e930cb

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1723311 Change-Id: I0068f78afd33c85a769545bf1b0d223f900c7fdd
2021-06-02 10:52:28 +00:00 · 2021-06-02 10:52:28 +00:00 · dd539387a5
commit dd539387a5
parent b7a9b2bcb3 17a5e930cb
1 changed files with 6 additions and 2 deletions
--- a/public/uncrypt.te
+++ b/public/uncrypt.te
@ -32,8 +32,12 @@ allow uncrypt userdata_block_device:blk_file w_file_perms;

 r_dir_file(uncrypt, rootfs)

-# uncrypt reads /proc/cmdline
-allow uncrypt proc_cmdline:file r_file_perms;
+# Access to bootconfig is needed when calling ReadDefaultFstab.
+allow uncrypt {
+  proc_bootconfig
+  proc_cmdline
+
+}:file r_file_perms;

 # Read files in /sys
 r_dir_file(uncrypt, sysfs_dt_firmware_android)