Add label for /proc/sys/vm/page-cluster
Test: boot sailfish with no audit when writing to page-cluster
Change-Id: I2bfebdf9342594d66d95daaec92d71195c93ffc8
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 86282d5..4ebb66e 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -455,6 +455,7 @@
proc_kmsg
proc_loadavg
proc_mounts
+ proc_page_cluster
proc_pagetypeinfo
proc_random
proc_swaps
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 124da42..a6de59a 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -40,6 +40,7 @@
genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
genfscon proc /sys/vm/mmap_rnd_bits u:object_r:proc_security:s0
genfscon proc /sys/vm/mmap_rnd_compat_bits u:object_r:proc_security:s0
+genfscon proc /sys/vm/page-cluster u:object_r:proc_page_cluster:s0
genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
genfscon proc /timer_list u:object_r:proc_timer:s0
diff --git a/public/file.te b/public/file.te
index 66ec285..cd0a452 100644
--- a/public/file.te
+++ b/public/file.te
@@ -26,6 +26,7 @@
type proc_modules, fs_type;
type proc_mounts, fs_type;
type proc_net, fs_type;
+type proc_page_cluster, fs_type;
type proc_pagetypeinfo, fs_type;
type proc_perf, fs_type;
type proc_random, fs_type;
diff --git a/public/init.te b/public/init.te
index db2ce43..2d55aba 100644
--- a/public/init.te
+++ b/public/init.te
@@ -277,6 +277,9 @@
# Read /proc/cmdline
allow init proc_cmdline:file r_file_perms;
+# Write to /proc/sys/vm/page-cluster
+allow init proc_page_cluster:file w_file_perms;
+
# Reboot.
allow init self:capability sys_boot;