Remove proc and sysfs access from system_app and platform_app. Bug: 65643247 Test: manual Test: browse internet Test: take a picture Change-Id: I9faff44b7a025c7422404d777113e40842ea26dd

commit: 06d7dca4a1abb9c2d197c2398969704ddaf39dc5 [log] [tgz]
author: Tri Vo <trong@google.com> Wed Jan 10 12:51:51 2018 -0800
committer: Tri Vo <trong@google.com> Sat Jan 20 01:05:21 2018 +0000
tree: 6c273910342e069408e12c7bce7f12ca02826a64
parent: 04b70519cfe43c2961efd0c91c371f1bc53e02bd [diff] [blame]
diff --git a/private/platform_app.te b/private/platform_app.te
index 2596a8e..67a9c33 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te

@@ -41,7 +41,9 @@
 allow platform_app rootfs:dir getattr;
 
 # com.android.captiveportallogin reads /proc/vmstat
-allow platform_app proc:file r_file_perms;
+allow platform_app {
+  proc_vmstat
+}:file r_file_perms;
 
 allow platform_app audioserver_service:service_manager find;
 allow platform_app cameraserver_service:service_manager find;
commit	06d7dca4a1abb9c2d197c2398969704ddaf39dc5	[log] [tgz]
author	Tri Vo <trong@google.com>	Wed Jan 10 12:51:51 2018 -0800
committer	Tri Vo <trong@google.com>	Sat Jan 20 01:05:21 2018 +0000
tree	6c273910342e069408e12c7bce7f12ca02826a64
parent	04b70519cfe43c2961efd0c91c371f1bc53e02bd [diff] [blame]