Merge "init: restrict setattr perms to /proc."
diff --git a/public/init.te b/public/init.te
index 35a98fe..bcff07f 100644
--- a/public/init.te
+++ b/public/init.te
@@ -227,7 +227,7 @@
allow init {
fs_type
-contextmount_type
- -proc
+ -proc_type
-sdcard_type
-sysfs_type
-rootfs
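Review bot: The new `-proc_type` exclusion carries no comment explaining that /proc is now carved out as a whole class and granted per type elsewhere, so a later edit could narrow it back to `-proc` without anyone noticing the policy widened. A line above the set such as `# /proc types are excluded as a class; init's /proc access is granted per type in the explicit rules below.` would record the intent. The permission list that closes this `allow` lies outside the hunk, so which permissions init loses on proc types not listed elsewhere can't be confirmed from here. It is worth checking a boot log for `avc: denied` entries with init as source and a proc type as target before relying on this.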
@@ -311,6 +311,17 @@
proc_security
}:file rw_file_perms;
+# init chmod/chown access to /proc files.
+allow init {
+ proc_cmdline
+ proc_kmsg
+ proc_net
+ proc_qtaguid_stat
+ proc_sysrq
+ proc_qtaguid_ctrl
+ proc_vmallocinfo
+}:file setattr;
+
# init access to /sys files.
allow init {
sysfs_android_usb
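Review bot: `proc_net` in the new `setattr` list looks wider than the other entries: if it labels the whole /proc/net tree, as it does in stock genfs_contexts, init keeps chmod/chown over every file there rather than over a single node. The block comment names the operation but not which init.rc `chown`/`chmod` line needs each type, so the list cannot be audited from the policy alone. A short trailing comment per entry, e.g. `proc_sysrq  # <init.rc line that chmods/chowns this node>`, would fix that. To stop the list growing silently, consider a matching assertion along the lines of `neverallow init { proc_type -<types listed above> }:file setattr;`, provided no other rule in the policy grants init setattr on a proc type.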