Allow system settings to read /proc/version Used to display kernel version in settings app. avc: denied { read } for name="version" dev="proc" scontext=u:r:system_app:s0 tcontext=u:object_r:proc_version:s0 tclass=file permissive=0 Bug: 66985744 Test: kernel version now displayed in settings app. Change-Id: I53f92f63362b900347fd393a40d70ccf5d220d30

commit: c975bd904f7b65ae290162b04abb4468c3339347 [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Wed Sep 27 12:27:03 2017 -0700
committer: Jeffrey Vander Stoep <jeffv@google.com> Wed Sep 27 19:38:23 2017 +0000
tree: bddee4d9554fdb2f0dcef151937505da42e4af06
parent: 91d398d802b4fbd33c2b88da9f56ecee8bdc363c [diff]
diff --git a/private/system_app.te b/private/system_app.te
index 9d2ee28..904b851 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -92,7 +92,10 @@
 r_dir_file(system_app, sysfs_type)
 
 # settings app reads /proc/version and /proc/pagetypeinfo
-allow system_app proc:file r_file_perms;
+allow system_app {
+  proc
+  proc_version
+}:file r_file_perms;
 
 control_logd(system_app)
 read_runtime_log_tags(system_app)
commit	c975bd904f7b65ae290162b04abb4468c3339347	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Wed Sep 27 12:27:03 2017 -0700
committer	Jeffrey Vander Stoep <jeffv@google.com>	Wed Sep 27 19:38:23 2017 +0000
tree	bddee4d9554fdb2f0dcef151937505da42e4af06
parent	91d398d802b4fbd33c2b88da9f56ecee8bdc363c [diff]