Remove obdm_app access to proc label. Instead give obdm_app read access to /proc/stat. Bug: 65643247 Test: can login to obdm app without selinux denials Merged-In: If7a4fe25ffc7e2b436521dc889e7fc118b57cd49 Change-Id: If7a4fe25ffc7e2b436521dc889e7fc118b57cd49 (cherry picked from commit a52e35479797c0fa213b62e19366eec06a049493)

commit: baf6563fdc1f06ac55c69a43d14ff67e90ba8716 [log] [tgz]
author: Tri Vo <trong@google.com> Wed Oct 18 12:43:33 2017 -0700
committer: Tri Vo <trong@google.com> Wed Nov 01 22:12:59 2017 -0700
tree: 3118706beb636f061e69e940c11e5a7355e15ff8
parent: 6f1cc2c0b99498410c008254400a689b095dad68 [diff]
diff --git a/sepolicy/verizon/obdm_app.te b/sepolicy/verizon/obdm_app.te
index c8abf8b..f24baad 100644
--- a/sepolicy/verizon/obdm_app.te
+++ b/sepolicy/verizon/obdm_app.te

@@ -3,7 +3,7 @@
 app_domain(obdm_app)
 net_domain(obdm_app)
 
-r_dir_file(obdm_app, proc)
+allow obdm_app proc_stat:file r_file_perms;
 
 # talk to /dev/diag
 allow obdm_app diag_device:chr_file rw_file_perms;
commit	baf6563fdc1f06ac55c69a43d14ff67e90ba8716	[log] [tgz]
author	Tri Vo <trong@google.com>	Wed Oct 18 12:43:33 2017 -0700
committer	Tri Vo <trong@google.com>	Wed Nov 01 22:12:59 2017 -0700
tree	3118706beb636f061e69e940c11e5a7355e15ff8
parent	6f1cc2c0b99498410c008254400a689b095dad68 [diff]