access to /proc/slabinfo
init, dumpstate and shell
Test: check avc for init is now gone
Bug: 7232205
Bug: 109821005
Change-Id: I299a0ba29bcc97a97047f12a5c48f6056f5e6de5
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index e71d565..cf58278 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -125,6 +125,7 @@
proc_loadavg
proc_mounts
proc_pagetypeinfo
+ proc_slabinfo
proc_stat
proc_swaps
proc_uptime
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index de83c81..4699ecf 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -481,6 +481,7 @@
proc_pipe_conf
proc_random
proc_sched
+ proc_slabinfo
proc_swaps
proc_uid_time_in_state
proc_uid_concurrent_active_time
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index b19f3d4..e5d50e4 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -456,7 +456,7 @@
(expandtypeattribute (preopt2cachename_exec_27_0) true)
(expandtypeattribute (print_service_27_0) true)
(expandtypeattribute (priv_app_27_0) true)
-(expandtypeattribute (proc_27_0) true)
+(typeattributeset proc_27_0 (proc proc_slabinfo))
(expandtypeattribute (proc_bluetooth_writable_27_0) true)
(expandtypeattribute (proc_cpuinfo_27_0) true)
(expandtypeattribute (proc_drop_caches_27_0) true)
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 265e646..afc6717 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -23,6 +23,7 @@
genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
+genfscon proc /slabinfo u:object_r:proc_slabinfo:s0
genfscon proc /softirqs u:object_r:proc_timer:s0
genfscon proc /stat u:object_r:proc_stat:s0
genfscon proc /swaps u:object_r:proc_swaps:s0
diff --git a/public/dumpstate.te b/public/dumpstate.te
index f6c7507..412418a 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -167,6 +167,7 @@
proc_pagetypeinfo
proc_qtaguid_ctrl
proc_qtaguid_stat
+ proc_slabinfo
proc_version
proc_vmallocinfo
proc_vmstat
diff --git a/public/file.te b/public/file.te
index 8c33bed..68ce321 100644
--- a/public/file.te
+++ b/public/file.te
@@ -45,6 +45,7 @@
type proc_pipe_conf, fs_type, proc_type;
type proc_random, fs_type, proc_type;
type proc_sched, fs_type, proc_type;
+type proc_slabinfo, fs_type, proc_type;
type proc_stat, fs_type, proc_type;
type proc_swaps, fs_type, proc_type;
type proc_sysrq, fs_type, proc_type;
diff --git a/public/init.te b/public/init.te
index 2519311..e37f1ce 100644
--- a/public/init.te
+++ b/public/init.te
@@ -320,6 +320,7 @@
proc_kmsg
proc_net
proc_qtaguid_stat
+ proc_slabinfo
proc_sysrq
proc_qtaguid_ctrl
proc_vmallocinfo
diff --git a/public/shell.te b/public/shell.te
index 8e6ae4c..6755f69 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -128,6 +128,7 @@
proc_modules
proc_pid_max
proc_qtaguid_stat
+ proc_slabinfo
proc_stat
proc_timer
proc_uptime