From 282fc3e48e57706cef37184c9a42ca66ed9cc330 Mon Sep 17 00:00:00 2001
From: Bowgo Tsai <bowgotsai@google.com>
Date: Thu, 17 May 2018 18:28:33 +0800
Subject: [PATCH] ueventd: allow reading kernel cmdline

This is needed when ueventd needs to read device tree files
(/proc/device-tree). Prior to access, it tries to read
"androidboot.android_dt_dir" from kernel cmdline for a custom
Android DT path.

Bug: 78613232
Test: boot a device without unknown SELinux denials
Change-Id: Iff9c882b4fcad5e384757a1e42e4a1d1259bb574
(cherry picked from commit 98ef2abb12b34ccbccc3692d5f78645046c21869)
---
 prebuilts/api/28.0/public/ueventd.te | 3 +++
 public/ueventd.te                    | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/prebuilts/api/28.0/public/ueventd.te b/prebuilts/api/28.0/public/ueventd.te
index c41adb35d..9b9eacb25 100644
--- a/prebuilts/api/28.0/public/ueventd.te
+++ b/prebuilts/api/28.0/public/ueventd.te
@@ -36,6 +36,9 @@ allow ueventd file_contexts_file:file r_file_perms;
 # Use setfscreatecon() to label /dev directories and files.
 allow ueventd self:process setfscreate;
 
+# Allow ueventd to read androidboot.android_dt_dir from kernel cmdline.
+allow ueventd proc_cmdline:file r_file_perms;
+
 #####
 ##### neverallow rules
 #####
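Review bot: The comment above the added `allow ueventd proc_cmdline:file r_file_perms;` names only androidboot.android_dt_dir, but the rule grants read access to the whole proc_cmdline type, so ueventd can read every boot parameter on the kernel command line. SELinux grants by type rather than by key, so that breadth is inherent; the comment should state it so a later audit of ueventd's reach is not misled. I would reword it along the lines of `# Read-only access to /proc/cmdline (all boot parameters); ueventd looks up androidboot.android_dt_dir to find a custom Android DT path before reading /proc/device-tree.` The same applies to the identical hunk in public/ueventd.te. Whether ueventd already has read access to the device-tree files themselves is not visible in these hunks.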
diff --git a/public/ueventd.te b/public/ueventd.te
index c41adb35d..9b9eacb25 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -36,6 +36,9 @@ allow ueventd file_contexts_file:file r_file_perms;
 # Use setfscreatecon() to label /dev directories and files.
 allow ueventd self:process setfscreate;
 
+# Allow ueventd to read androidboot.android_dt_dir from kernel cmdline.
+allow ueventd proc_cmdline:file r_file_perms;
+
 #####
 ##### neverallow rules
 #####
-- 
GitLab