bootstat: Fix the SELinux policy after removing domain_deprecated.
* Allow reading /proc.
type=1400 audit(1453834004.239:7): avc: denied { read } for pid=1305
comm="bootstat" name="uptime" dev="proc" ino=4026536600
scontext=u:r:bootstat:s0 tcontext=u:object_r:proc:s0 tclass=file
permissive=0
* Define domain for the /system/bin/bootstat file.
init: Service exec 4 (/system/bin/bootstat) does not have a SELinux
domain defined.
Bug: 21724738
Change-Id: I4baa2fa7466ac35a1ced79776943c07635ec9804
diff --git a/bootstat.te b/bootstat.te
index 14b4ece..44a8c91 100644
--- a/bootstat.te
+++ b/bootstat.te
@@ -7,3 +7,6 @@
# Allow persistent storage in /data/misc/bootstat.
allow bootstat bootstat_data_file:dir rw_dir_perms;
allow bootstat bootstat_data_file:file create_file_perms;
+
+# Read access to pseudo filesystems (for /proc/uptime).
+r_dir_file(bootstat, proc)
\ No newline at end of file
diff --git a/file_contexts b/file_contexts
index 78964cb..0a75659 100644
--- a/file_contexts
+++ b/file_contexts
@@ -154,6 +154,7 @@
/system/bin/sh -- u:object_r:shell_exec:s0
/system/bin/run-as -- u:object_r:runas_exec:s0
/system/bin/bootanimation u:object_r:bootanim_exec:s0
+/system/bin/bootstat u:object_r:bootstat_exec:s0
/system/bin/app_process32 u:object_r:zygote_exec:s0
/system/bin/app_process64 u:object_r:zygote_exec:s0
/system/bin/servicemanager u:object_r:servicemanager_exec:s0