From a3266be96895032182d2cc052ff4f4212d8a22ba Mon Sep 17 00:00:00 2001 From: Jeff Vander Stoep <jeffv@google.com> Date: Wed, 27 Jan 2016 09:37:18 -0800 Subject: [PATCH] audioserver: grant read perms to /proc In preparation of removing permissions from domain_deprecated. Addresses: avc: denied { read } for name="irq_affinity" dev="proc" ino=4026536760 scontext=u:r:audioserver:s0 tcontext=u:object_r:proc:s0 tclass=file avc: denied { open } for path="/proc/asound/irq_affinity" dev="proc" ino=4026536760 scontext=u:r:audioserver:s0 tcontext=u:object_r:proc:s0 tclass=file avc: denied { getattr } for path="/proc/asound/irq_affinity" dev="proc" ino=4026536760 scontext=u:r:audioserver:s0 tcontext=u:object_r:proc:s0 tclass=file Change-Id: Iaa8843bb4e8b19d001520fcd45d35e666bf48271
---
 audioserver.te | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/audioserver.te b/audioserver.te
index 4f8eb7e73..eeed98565 100644
--- a/audioserver.te
+++ b/audioserver.te
@@ -14,6 +14,9 @@ binder_call(audioserver, binderservicedomain)
 binder_call(audioserver, { appdomain autoplay_app })
 binder_service(audioserver)
+# Read access to pseudo filesystems.
+r_dir_file(audioserver, proc)
+
 # Required by Widevine DRM (b/22990512)
 allow audioserver self:process execmem;
-- GitLab
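Review bot: The added `r_dir_file(audioserver, proc)` grants more than the three denials in the description need: they all concern `/proc/asound/irq_affinity`, while the rule covers everything that carries the generic `proc` label. If the goal is least privilege once domain_deprecated is trimmed, consider giving `/proc/asound` its own type through a `genfscon` entry and applying `r_dir_file` to that type only (type name left to the policy owners). At minimum the comment should name the consumer instead of "pseudo filesystems", e.g. `# Read /proc/asound/irq_affinity (generic proc label).`, so a later audit can tell why the broad grant exists.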