commit | baf6563fdc1f06ac55c69a43d14ff67e90ba8716 | [log] [tgz] |
---|---|---|
author | Tri Vo <trong@google.com> | Wed Oct 18 12:43:33 2017 -0700 |
committer | Tri Vo <trong@google.com> | Wed Nov 01 22:12:59 2017 -0700 |
tree | 3118706beb636f061e69e940c11e5a7355e15ff8 | |
parent | 6f1cc2c0b99498410c008254400a689b095dad68 [diff] |
Remove obdm_app access to proc label. Instead give obdm_app read access to /proc/stat. Bug: 65643247 Test: can login to obdm app without selinux denials Merged-In: If7a4fe25ffc7e2b436521dc889e7fc118b57cd49 Change-Id: If7a4fe25ffc7e2b436521dc889e7fc118b57cd49 (cherry picked from commit a52e35479797c0fa213b62e19366eec06a049493)
diff --git a/sepolicy/verizon/obdm_app.te b/sepolicy/verizon/obdm_app.te index c8abf8b..f24baad 100644 --- a/sepolicy/verizon/obdm_app.te +++ b/sepolicy/verizon/obdm_app.te
@@ -3,7 +3,7 @@ app_domain(obdm_app) net_domain(obdm_app) -r_dir_file(obdm_app, proc) +allow obdm_app proc_stat:file r_file_perms; # talk to /dev/diag allow obdm_app diag_device:chr_file rw_file_perms;