From 74ae21b31a94f584ce656307936de93c13e524b6 Mon Sep 17 00:00:00 2001 From: dcashman <dcashman@google.com> Date: Thu, 10 Mar 2016 13:43:58 -0800 Subject: [PATCH] Allow domains to getattr proc lnk_file. Many permissions were removed from untrusted_app by the removal of domain_deprecated, including procfs access. procfs file access was restored, however, but not completely. Add the ability to getattr to all domains, so that other domains which lost domain_deprecated may benefit, as they will likely need it. Bug: 27249037 Change-Id: Id3f5e6121548b29d739d5e0fa6ccdbc9f0fc29be --- domain.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/domain.te b/domain.te index f2933ca1c..34faafda8 100644 --- a/domain.te +++ b/domain.te @@ -111,7 +111,7 @@ allow domain system_data_file:dir { search getattr }; allow domain system_data_file:lnk_file read; # required by the dynamic linker -allow domain proc:lnk_file read; +allow domain proc:lnk_file { getattr read }; # /proc/cpuinfo allow domain proc_cpuinfo:file r_file_perms; -- GitLab