shamu: Allow rild to parse through procfs
rild needs to obtain the pid of netmgrd to establish unicast
netlink message communication with netmgrd. rild does this
currently by parsing through procfs and hence needs access
to netmgrd domain.
Also suppress other audit logs triggered by this procfs search
until the underlying mechanism is replaced.
Addresses the following denials:
type=1400 audit(2567.649:197): avc: denied { search } for pid=1190 comm="rild" name="1" dev="proc" ino=11739 scontext=u:r:rild:s0 tcontext=u:r:init:s0 tclass=dir permissive=0
type=1400 audit(1548.919:122): avc: denied { read } for pid=1181 comm="rild" name="stat" dev="proc" ino=14756 scontext=u:r:rild:s0 tcontext=u:r:init:s0 tclass=file permissive=0
type=1400 audit(2167.259:82): avc: denied { open } for pid=1183 comm="rild" path="/proc/1/stat" dev="proc" ino=4086 scontext=u:r:rild:s0 tcontext=u:r:init:s0 tclass=file permissive=0
type=1400 audit(2587.889:125): avc: denied { getattr } for pid=1164 comm="rild" path="/proc/1/stat" dev="proc" ino=25356 scontext=u:r:rild:s0 tcontext=u:r:init:s0 tclass=file permissive=0
type=1400 audit(2587.889:1257): avc: denied { search } for pid=1164 comm="rild" name="2" dev="proc" ino=25252 scontext=u:r:rild:s0 tcontext=u:r:kernel:s0 tclass=dir permissive=0
type=1400 audit(3925.959:261): avc: denied { search } for pid=1176 comm="rild" name="297" dev="proc" ino=10500 scontext=u:r:rild:s0 tcontext=u:r:ueventd:s0 tclass=dir permissive=0
Bug: 18173330
Change-Id: I2aad6a6d3bb2ecb52179d0a4296ffd0e02fcc7a4
1 file changed
