From 5cf3994d8ab039f9ba47164ef9d13e2ddb5e7acd Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Wed, 25 Feb 2015 13:28:40 -0800 Subject: Revert /proc/net related changes Revert the tightening of /proc/net access. These changes are causing a lot of denials, and I want additional time to figure out a better solution. Addresses the following denials (and many more): avc: denied { read } for comm="SyncAdapterThre" name="stats" dev="proc" ino=X scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc_net:s0 tclass=file avc: denied { read } for comm="facebook.katana" name="iface_stat_fmt" dev="proc" ino=X scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc_net:s0 tclass=file avc: denied { read } for comm="IntentService[C" name="if_inet6" dev="proc" ino=X scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc_net:s0 tclass=file avc: denied { read } for comm="dumpstate" name="iface_stat_all" dev="proc" ino=X scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc_net:s0 tclass=file This reverts commit 0f0324cc826afb9beefda802d496befe823a081e and commit 99940d1af5719f1622fa2a17f8daf6cb21de3ad1 Bug: 9496886 Bug: 19034637 Change-Id: I436a6e3638ac9ed49afbee214e752fe2b0112868 --- genfs_contexts | 1 - 1 file changed, 1 deletion(-) (limited to 'genfs_contexts') diff --git a/genfs_contexts b/genfs_contexts index 2f60ad1..31b7e4f 100644 --- a/genfs_contexts +++ b/genfs_contexts @@ -3,7 +3,6 @@ genfscon rootfs / u:object_r:rootfs:s0 # proc labeling can be further refined (longest matching prefix). genfscon proc / u:object_r:proc:s0 genfscon proc /net u:object_r:proc_net:s0 -genfscon proc /net/psched u:object_r:proc_net_psched:s0 genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0 genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0 -- cgit v1.2.3
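Review bot: The removed `genfscon proc /net/psched u:object_r:proc_net_psched:s0` entry is not tied to any of the denials quoted in the commit message, which are all for `stats`, `iface_stat_fmt`, `if_inet6` and `iface_stat_all` with tcontext `proc_net`. With the entry gone, /proc/net/psched falls back to the `genfscon proc /net` label through the longest-matching-prefix rule mentioned in the context comment, so access to it is governed by whatever rules apply to `proc_net`. Please state in the message which of the two reverted commits introduced the `proc_net_psched` label. Since this view is limited to genfs_contexts, please also confirm that the type declaration and any rules referencing `proc_net_psched` are dropped in the same change, so the policy does not keep a type that no longer labels anything. A short comment next to the `/net` entry pointing at the listed bugs would help whoever re-attempts the tightening.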