Allow shell to read /proc/pid/attr/current for ps -Z. Needed since Iff1e601e1268d4d77f64788d733789a2d2cd18cc removed it from appdomain. Change-Id: I9fc08b525b9868f0fb703b99b0c0c17ca8b656f9 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: d5892b4c3151721f032e75979161bddb89b3a146 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Mon Mar 16 11:43:22 2015 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> Mon Mar 16 11:43:22 2015 -0400
tree: b5eb04d7957f65c05185dd60a281e96d379a6b1b
parent: 2cba1ee10da9afae86249bd2f227cd7470bf3f1a [diff]
diff --git a/shell.te b/shell.te
index 8cfe9ac..cfadf77 100644
--- a/shell.te
+++ b/shell.te

@@ -66,6 +66,9 @@
 allow shell domain:dir { search open read getattr };
 allow shell domain:{ file lnk_file } { open read getattr };
 
+# allow shell to read /proc/pid/attr/current for ps -Z
+allow shell domain:process getattr;
+
 # enable shell domain to read/write files/dirs for bootchart data
 # User will creates the start and stop file via adb shell
 # and read other files created by init process under /data/bootchart
commit	d5892b4c3151721f032e75979161bddb89b3a146	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Mon Mar 16 11:43:22 2015 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Mon Mar 16 11:43:22 2015 -0400
tree	b5eb04d7957f65c05185dd60a281e96d379a6b1b
parent	2cba1ee10da9afae86249bd2f227cd7470bf3f1a [diff]