Allow recovery to read /proc/cmdline

avc: denied { read } for pid=446 comm="recovery" name="cmdline" dev="proc" scontext=u:r:recovery:s0 tcontext=u:object_r:proc_cmdline:s0 tclass=file Test: build Bug: 66497047 Change-Id: I9f48db88bed0d6ac76fa2808a4913857230a5d4b
2017-09-29 12:34:14 -07:00 · 2017-09-29 12:34:14 -07:00 · e629b7eb2d
commit e629b7eb2d
parent 2f6e66ff09
1 changed files with 2 additions and 0 deletions
--- a/public/recovery.te
+++ b/public/recovery.te
@ -134,6 +134,8 @@ recovery_only(`
  # This line seems suspect, as it should not really need to
  # set scheduling parameters for a kernel domain task.
  allow recovery kernel:process setsched;
+
+  allow recovery proc_cmdline:file r_file_perms;
 ')

 ###