dpmservice_app: donot audit /proc/<pid> query denials

added donot audit rule for /proc/<pid>/stat query. added permissions to query app attributes CRs-fixed: 932024 Change-Id: Iefe347ccd89619962100206df38f9e5a03bd3083
author: Susheel Yadagiri <syadagir@codeaurora.org> 2015-10-28 22:44:33 -0700
committer: Gerrit - the friendly Code Review server <code-review@localhost> 2015-12-05 00:42:26 -0800
commit: 943238f507505d4c66bfcb3dadc623c575567728 (patch)
tree: 426ce98225ba3f34b9796beaf67806e7859b13c1
parent: b88c2a9aab670da0129ad49dcc157770ddae9384 (diff)
download: android_device_qcom_sepolicy-943238f507505d4c66bfcb3dadc623c575567728.tar.gz
android_device_qcom_sepolicy-943238f507505d4c66bfcb3dadc623c575567728.tar.bz2
android_device_qcom_sepolicy-943238f507505d4c66bfcb3dadc623c575567728.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/common/dpmservice_app.te b/common/dpmservice_app.te
index 6dc8748b..47f23bc0 100644
--- a/common/dpmservice_app.te
+++ b/common/dpmservice_app.te
@@ -42,3 +42,9 @@ allow dpmservice_app system_api_service:service_manager find;
 #allow dpmservice to search mediaserver and radio service.
 allow dpmservice_app mediaserver_service:service_manager find;
 allow dpmservice_app radio_service:service_manager find;
+
+#don't audit /proc/<pid>/stat denials
+dontaudit dpmservice_app domain:dir r_dir_perms;
+
+#allow dpmservice to get running time for apps
+r_dir_file(dpmservice_app, appdomain)
author	Susheel Yadagiri <syadagir@codeaurora.org>	2015-10-28 22:44:33 -0700
committer	Gerrit - the friendly Code Review server <code-review@localhost>	2015-12-05 00:42:26 -0800
commit	943238f507505d4c66bfcb3dadc623c575567728 (patch)
tree	426ce98225ba3f34b9796beaf67806e7859b13c1
parent	b88c2a9aab670da0129ad49dcc157770ddae9384 (diff)
download	android_device_qcom_sepolicy-943238f507505d4c66bfcb3dadc623c575567728.tar.gz android_device_qcom_sepolicy-943238f507505d4c66bfcb3dadc623c575567728.tar.bz2 android_device_qcom_sepolicy-943238f507505d4c66bfcb3dadc623c575567728.zip