commit 840d4f3bf3a3bf15a65b57210eca9d3a267ba99f
author Devin Moore <devinmoore@google.com> Wed Feb 17 09:30:52 2021 -0800
committer Devin Moore <devinmoore@google.com> Tue Feb 23 07:42:06 2021 -0800
tree a269a6c9d153b8e119997f18703f9f081b719483
parent 74e85309f46f9f365f705001716e70054f614069

Add sepolicy for /proc/bootconfig

Vendor boot hal, init, and vold processes all require permission.

Test: build and boot aosp_cf_x86_64_phone
Bug: 173815685
Change-Id: I15692dcd39dfc9c3a3b7d8c12d03eff0a7c96f72

private/compat/30.0/30.0.cil

diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 3830fc0..9dff2c6 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1809,7 +1809,9 @@
 (typeattributeset print_service_30_0 (print_service))
 (typeattributeset priv_app_30_0 (priv_app))
 (typeattributeset privapp_data_file_30_0 (privapp_data_file))
-(typeattributeset proc_30_0 (proc))
+(typeattributeset proc_30_0
+  ( proc
+    proc_bootconfig))
 (typeattributeset proc_abi_30_0 (proc_abi))
 (typeattributeset proc_asound_30_0 (proc_asound))
 (typeattributeset proc_bluetooth_writable_30_0 (proc_bluetooth_writable))

private/genfs_contexts

diff --git a/private/genfs_contexts b/private/genfs_contexts
index 92020e1..21a1ae9 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -3,6 +3,7 @@
 # proc labeling can be further refined (longest matching prefix).
 genfscon proc / u:object_r:proc:s0
 genfscon proc /asound u:object_r:proc_asound:s0
+genfscon proc /bootconfig u:object_r:proc_bootconfig:s0
 genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
 genfscon proc /cmdline u:object_r:proc_cmdline:s0
 genfscon proc /config.gz u:object_r:config_gz:s0