diff options
author | Nick Kralevich <nnk@google.com> | 2015-01-14 14:12:14 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2015-01-14 22:18:24 +0000 |
commit | 99940d1af5719f1622fa2a17f8daf6cb21de3ad1 (patch) | |
tree | 2a9c86455c64d0e8452cb3379ddb4f43aca4ee12 /dumpstate.te | |
parent | 4a89cdfa89448c8660308a31bfcb517fffaa239e (diff) | |
download | android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.tar.gz android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.tar.bz2 android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.zip |
remove /proc/net read access from domain.te
SELinux domains wanting read access to /proc/net need to
explicitly declare it.
TODO: fixup the ListeningPortsTest cts test so that it's not
broken.
Bug: 9496886
Change-Id: Ia9f1214348ac4051542daa661d35950eb271b2e4
Diffstat (limited to 'dumpstate.te')
-rw-r--r-- | dumpstate.te | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/dumpstate.te b/dumpstate.te index 5f65eb0..2324c25 100644 --- a/dumpstate.te +++ b/dumpstate.te @@ -60,6 +60,7 @@ domain_auto_trans(dumpstate, vdc_exec, vdc) allow dumpstate sysfs:file w_file_perms; # Other random bits of data we want to collect +allow dumpstate proc_net:dir search; allow dumpstate qtaguid_proc:file r_file_perms; allow dumpstate debugfs:file r_file_perms; |