Add sepolicy for /proc/bootconfig
Vendor boot hal, init, and vold processes all require permission.
Test: build and boot aosp_cf_x86_64_phone
Bug: 173815685
Change-Id: I15692dcd39dfc9c3a3b7d8c12d03eff0a7c96f72
diff --git a/public/file.te b/public/file.te
index 8426ad6..4e17f12 100644
--- a/public/file.te
+++ b/public/file.te
@@ -21,6 +21,7 @@
type proc_bluetooth_writable, fs_type, proc_type;
type proc_abi, fs_type, proc_type;
type proc_asound, fs_type, proc_type;
+type proc_bootconfig, fs_type, proc_type;
type proc_buddyinfo, fs_type, proc_type;
type proc_cmdline, fs_type, proc_type;
type proc_cpuinfo, fs_type, proc_type;
diff --git a/public/hal_bootctl.te b/public/hal_bootctl.te
index be9975f..a1f3d7f 100644
--- a/public/hal_bootctl.te
+++ b/public/hal_bootctl.te
@@ -3,3 +3,4 @@
binder_call(hal_bootctl_server, hal_bootctl_client)
hal_attribute_hwservice(hal_bootctl, hal_bootctl_hwservice)
+allow hal_bootctl_server proc_bootconfig:file r_file_perms;
diff --git a/public/init.te b/public/init.te
index fdb1694..1287ca3 100644
--- a/public/init.te
+++ b/public/init.te
@@ -350,6 +350,7 @@
allow init {
proc # b/67049235 processes /proc/<pid>/* files are mislabeled.
+ proc_bootconfig
proc_cmdline
proc_diskstats
proc_kmsg # Open /proc/kmsg for logd service.
@@ -383,6 +384,7 @@
# init chmod/chown access to /proc files.
allow init {
proc_cmdline
+ proc_bootconfig
proc_kmsg
proc_net
proc_pagetypeinfo
diff --git a/public/vold.te b/public/vold.te
index 030e572..b6d1443 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -23,6 +23,7 @@
r_dir_file(vold, metadata_file)
allow vold {
proc # b/67049235 processes /proc/<pid>/* files are mislabeled.
+ proc_bootconfig
proc_cmdline
proc_drop_caches
proc_filesystems