From cf391269acd6ff71fe254d2f62d9c82571dd24bf Mon Sep 17 00:00:00 2001
From: Joel Galenson <jgalenson@google.com>
Date: Tue, 23 Jan 2018 17:32:16 -0800
Subject: [PATCH] Fix init error trying to access file.

Init tries to write /proc/sys/vm/min_free_order_shift but fails due to
a SELinux denial.  This gives the file a new label and gives init the
ability to write it.

Test: Build and booted Sailfish (a couple of days ago).
Change-Id: Ic93862b85c468afccff2019d84b927af9ed2a84d
---
 private/compat/26.0/26.0.cil | 1 +
 private/genfs_contexts       | 1 +
 public/file.te               | 1 +
 public/init.te               | 1 +
 4 files changed, 4 insertions(+)

diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 9d173bed2..184d18d64 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -466,6 +466,7 @@
     proc_kmsg
     proc_loadavg
     proc_max_map_count
+    proc_min_free_order_shift
     proc_mounts
     proc_page_cluster
     proc_pagetypeinfo
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 76f5bdda1..2acaf9f72 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -66,6 +66,7 @@ genfscon proc /sys/vm/mmap_rnd_compat_bits u:object_r:proc_security:s0
 genfscon proc /sys/vm/page-cluster u:object_r:proc_page_cluster:s0
 genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
 genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
+genfscon proc /sys/vm/min_free_order_shift u:object_r:proc_min_free_order_shift:s0
 genfscon proc /timer_list u:object_r:proc_timer:s0
 genfscon proc /timer_stats u:object_r:proc_timer:s0
 genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
diff --git a/public/file.te b/public/file.te
index c6b2a79d2..fc554121e 100644
--- a/public/file.te
+++ b/public/file.te
@@ -8,6 +8,7 @@ type proc, fs_type;
 type proc_security, fs_type;
 type proc_drop_caches, fs_type;
 type proc_overcommit_memory, fs_type;
+type proc_min_free_order_shift, fs_type;
 # proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
 type usermodehelper, fs_type;
 type sysfs_usermodehelper, fs_type, sysfs_type;
diff --git a/public/init.te b/public/init.te
index ddbe32347..c3e36eaf2 100644
--- a/public/init.te
+++ b/public/init.te
@@ -287,6 +287,7 @@ allow init {
   proc_extra_free_kbytes
   proc_net
   proc_max_map_count
+  proc_min_free_order_shift
   proc_overcommit_memory
   proc_panic
   proc_page_cluster
-- 
GitLab