From e4116b4e446c79c1f58db3c9b5f331facf9839d9 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 2 Jun 2021 08:46:59 +0200
Subject: [PATCH] uncrypt: allow reading /proc/bootconfig

It's needed when calling ReadDefaultFstab.

Fixes: 189509028
Test: build
Change-Id: I0d4bac7f2e3a25faa921c8d77cbf92f7808f0ab7
---
 public/uncrypt.te | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/public/uncrypt.te b/public/uncrypt.te
index 0f549c9bf..3b04671b2 100644
--- a/public/uncrypt.te
+++ b/public/uncrypt.te
@@ -32,8 +32,12 @@ allow uncrypt userdata_block_device:blk_file w_file_perms;
 
 r_dir_file(uncrypt, rootfs)
 
-# uncrypt reads /proc/cmdline
-allow uncrypt proc_cmdline:file r_file_perms;
+# Access to bootconfig is needed when calling ReadDefaultFstab.
+allow uncrypt {
+  proc_bootconfig
+  proc_cmdline
+
+}:file r_file_perms;
 
 # Read files in /sys
 r_dir_file(uncrypt, sysfs_dt_firmware_android)