commit a3266be96895032182d2cc052ff4f4212d8a22ba
author Jeff Vander Stoep <jeffv@google.com> Wed Jan 27 09:37:18 2016 -0800
committer Jeff Vander Stoep <jeffv@google.com> Wed Jan 27 09:37:36 2016 -0800
tree 89c851222ac192b88df0778d00eea0707715c858
parent 327da659bef060ebf32ed30212450906f1e85911

audioserver: grant read perms to /proc

In preparation of removing permissions from domain_deprecated.

Addresses:
avc: denied { read } for name="irq_affinity" dev="proc" ino=4026536760 scontext=u:r:audioserver:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: denied { open } for path="/proc/asound/irq_affinity" dev="proc" ino=4026536760 scontext=u:r:audioserver:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: denied { getattr } for path="/proc/asound/irq_affinity" dev="proc" ino=4026536760 scontext=u:r:audioserver:s0 tcontext=u:object_r:proc:s0 tclass=file

Change-Id: Iaa8843bb4e8b19d001520fcd45d35e666bf48271

audioserver.te

diff --git a/audioserver.te b/audioserver.te
index 4f8eb7e..eeed985 100644
--- a/audioserver.te
+++ b/audioserver.te
@@ -14,6 +14,9 @@
 binder_call(audioserver, { appdomain autoplay_app })
 binder_service(audioserver)
 
+# Read access to pseudo filesystems.
+r_dir_file(audioserver, proc)
+
 # Required by Widevine DRM (b/22990512)
 allow audioserver self:process execmem;