From 98ef2abb12b34ccbccc3692d5f78645046c21869 Mon Sep 17 00:00:00 2001
From: Bowgo Tsai <bowgotsai@google.com>
Date: Thu, 17 May 2018 18:28:33 +0800
Subject: [PATCH] ueventd: allow reading kernel cmdline

This is needed when ueventd needs to read device tree files
(/proc/device-tree). Prior to access, it tries to read
"androidboot.android_dt_dir" from kernel cmdline for a custom
Android DT path.

Bug: 78613232
Test: boot a device without unknown SELinux denials
Change-Id: Iff9c882b4fcad5e384757a1e42e4a1d1259bb574
---
 public/ueventd.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/public/ueventd.te b/public/ueventd.te
index c41adb35d..9b9eacb25 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -36,6 +36,9 @@ allow ueventd file_contexts_file:file r_file_perms;
 # Use setfscreatecon() to label /dev directories and files.
 allow ueventd self:process setfscreate;
 
+# Allow ueventd to read androidboot.android_dt_dir from kernel cmdline.
+allow ueventd proc_cmdline:file r_file_perms;
+
 #####
 ##### neverallow rules
 #####
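Review bot: The comment above the new `allow ueventd proc_cmdline:file r_file_perms;` rule names a single key, but SELinux cannot scope a grant to one cmdline parameter, so ueventd gains read access to the whole kernel command line, including any other boot parameters it carries. I would say so in the comment, for example `# Allow ueventd to read /proc/cmdline (entire file). Per the commit message it is needed only to look up androidboot.android_dt_dir before reading /proc/device-tree.` It also appears that only `open`, `read` and `getattr` are needed for this lookup, so a reviewer may want to confirm that the broader `r_file_perms` set is intentional and not just convention. The rest of ueventd.te, including the neverallow section that follows, is outside this hunk, so I could not check whether the device-tree reads themselves are already permitted.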
-- 
GitLab