ueventd: allow reading kernel cmdline

This is needed when ueventd needs to read device tree files (/proc/device-tree). Prior to acccess, it tries to read "androidboot.android_dt_dir" from kernel cmdline for a custom Android DT path. Bug: 78613232 Test: boot a device without unknown SELinux denials Change-Id: Iff9c882b4fcad5e384757a1e42e4a1d1259bb574

ueventd: allow reading kernel cmdline
This is needed when ueventd needs to read device tree files (/proc/device-tree). Prior to acccess, it tries to read "androidboot.android_dt_dir" from kernel cmdline for a custom Android DT path. Bug: 78613232 Test: boot a device without unknown SELinux denials Change-Id: Iff9c882b4fcad5e384757a1e42e4a1d1259bb574
98ef2abb · Bowgo Tsai · f8b60abf · 98ef2abb
Commit 98ef2abb authored 6 years ago by Bowgo Tsai
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -36,6 +36,9 @@ allow ueventd file_contexts_file:file r_file_perms;
 # Use setfscreatecon() to label /dev directories and files.
 allow ueventd self:process setfscreate;

+# Allow ueventd to read androidboot.android_dt_dir from kernel cmdline.
+allow ueventd proc_cmdline:file r_file_perms;
+
 #####
 ##### neverallow rules
 #####