Allow shell read access to cgroup state
at /proc/cgroups.
Test: adb shell cat /proc/cgroups
Bug: 335278695
Change-Id: I52773c63200a2a048a4c5497c338ddcbe0f23593
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index a0a69f7..e65136e 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -10,4 +10,5 @@
fs_bpf_lmkd_memevents_prog
binderfs_logs_transactions
proc_compaction_proactiveness
+ proc_cgroups
))
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index 1477766..455cbff 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -50,4 +50,5 @@
aconfigd_exec
aconfigd_socket
enable_16k_pages_prop
+ proc_cgroups
))
diff --git a/private/genfs_contexts b/private/genfs_contexts
index dd93f04..118f8d9 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -5,6 +5,7 @@
genfscon proc /asound u:object_r:proc_asound:s0
genfscon proc /bootconfig u:object_r:proc_bootconfig:s0
genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
+genfscon proc /cgroups u:object_r:proc_cgroups:s0
genfscon proc /cmdline u:object_r:proc_cmdline:s0
genfscon proc /config.gz u:object_r:config_gz:s0
genfscon proc /cpu/alignment u:object_r:proc_cpu_alignment:s0
diff --git a/private/shell.te b/private/shell.te
index 8adc71c..0fdbb7e 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -372,6 +372,7 @@
allow shell {
proc_asound
+ proc_cgroups
proc_filesystems
proc_interrupts
proc_loadavg # b/124024827