Label /proc/misc
Label /proc/misc and allow access to untrusted_apps targeting older API
versions, as well as update_engine_common.
/proc/misc is used by some banking apps to try to detect if they are
running in an emulated environment.
TODO: Remove access to proc:file from update_engine_common after more
testing.
Bug: 35917228
Test: Device boots and no new denials.
Change-Id: If1b97a9c55a74cb74d1bb15137201ffb95b5bd75
diff --git a/private/genfs_contexts b/private/genfs_contexts
index d1e1b91..e84b494 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -6,6 +6,7 @@
genfscon proc /interrupts u:object_r:proc_interrupts:s0
genfscon proc /iomem u:object_r:proc_iomem:s0
genfscon proc /meminfo u:object_r:proc_meminfo:s0
+genfscon proc /misc u:object_r:proc_misc:s0
genfscon proc /net u:object_r:proc_net:s0
genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
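Review bot: The added `genfscon proc /misc u:object_r:proc_misc:s0` line takes /proc/misc out of the generic `proc` type, so any domain that read it through a `proc:file` rule loses that access unless it gets an explicit `proc_misc` rule. The description names update_engine_common as one such domain, but neither a rule for it nor the declaration of the `proc_misc` type appears in the hunks visible here; confirm both are part of the change. "Device boots and no new denials" only covers what runs during boot, so checking the audit log across an OTA update and a legacy app launch would give better evidence that no reader was missed.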
diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index cba0161..cd3f32b 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -31,3 +31,7 @@
# b/34115651 - net.dns* properties read
# This will go away in a future Android release
get_prop(untrusted_app_25, net_dns_prop)
+
+# b/35917228 - /proc/misc access
+# This will go away in a future Android release
+allow untrusted_app_25 proc_misc:file r_file_perms;
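Review bot: The comment above the new `allow untrusted_app_25 proc_misc:file r_file_perms;` rule gives only a bug number, so a later reader cannot tell what the file exposes or when the exception can be dropped. /proc/misc lists the misc device drivers registered with the kernel, which untrusted code can use for device fingerprinting; I would say so in the comment, e.g. `# b/35917228 - /proc/misc lists registered misc drivers; legacy apps read it for emulator detection. Do not extend to newer targetSdkVersion domains.` Separately, `r_file_perms` also grants `ioctl` and `lock`; if these apps only read the file, `allow untrusted_app_25 proc_misc:file { open read getattr };` keeps the compatibility exception as narrow as possible.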