access to /proc/slabinfo

init, dumpstate and shell Test: check avc for init is now gone Bug: 7232205 Bug: 109821005 Change-Id: I299a0ba29bcc97a97047f12a5c48f6056f5e6de5

access to /proc/slabinfo
init, dumpstate and shell Test: check avc for init is now gone Bug: 7232205 Bug: 109821005 Change-Id: I299a0ba29bcc97a97047f12a5c48f6056f5e6de5
d6eaed85 · Mark Salyzyn · 22259d11 · d6eaed85 · d6eaed85 · d6eaed85
Commit d6eaed85 authored 6 years ago by Mark Salyzyn
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -125,6 +125,7 @@ neverallow all_untrusted_apps {
  proc_loadavg
  proc_mounts
  proc_pagetypeinfo
+  proc_slabinfo
  proc_stat
  proc_swaps
  proc_uptime

--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -481,6 +481,7 @@
    proc_pipe_conf
    proc_random
    proc_sched
+    proc_slabinfo
    proc_swaps
    proc_uid_time_in_state
    proc_uid_concurrent_active_time

--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -456,7 +456,7 @@
 (expandtypeattribute (preopt2cachename_exec_27_0) true)
 (expandtypeattribute (print_service_27_0) true)
 (expandtypeattribute (priv_app_27_0) true)
-(expandtypeattribute (proc_27_0) true)
+(typeattributeset proc_27_0 (proc proc_slabinfo))
 (expandtypeattribute (proc_bluetooth_writable_27_0) true)
 (expandtypeattribute (proc_cpuinfo_27_0) true)
 (expandtypeattribute (proc_drop_caches_27_0) true)

--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -23,6 +23,7 @@ genfscon proc /net/xt_qtaguid/ctrl u:object_r:proc_qtaguid_ctrl:s0
 genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
 genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
+genfscon proc /slabinfo u:object_r:proc_slabinfo:s0
 genfscon proc /softirqs u:object_r:proc_timer:s0
 genfscon proc /stat u:object_r:proc_stat:s0
 genfscon proc /swaps u:object_r:proc_swaps:s0

--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -167,6 +167,7 @@ allow dumpstate {
  proc_pagetypeinfo
  proc_qtaguid_ctrl
  proc_qtaguid_stat
+  proc_slabinfo
  proc_version
  proc_vmallocinfo
  proc_vmstat

--- a/public/file.te
+++ b/public/file.te
@@ -45,6 +45,7 @@ type proc_pid_max, fs_type, proc_type;
 type proc_pipe_conf, fs_type, proc_type;
 type proc_random, fs_type, proc_type;
 type proc_sched, fs_type, proc_type;
+type proc_slabinfo, fs_type, proc_type;
 type proc_stat, fs_type, proc_type;
 type proc_swaps, fs_type, proc_type;
 type proc_sysrq, fs_type, proc_type;

--- a/public/init.te
+++ b/public/init.te
@@ -320,6 +320,7 @@ allow init {
  proc_kmsg
  proc_net
  proc_qtaguid_stat
+  proc_slabinfo
  proc_sysrq
  proc_qtaguid_ctrl
  proc_vmallocinfo

--- a/public/shell.te
+++ b/public/shell.te
@@ -128,6 +128,7 @@ allow shell {
  proc_modules
  proc_pid_max
  proc_qtaguid_stat
+  proc_slabinfo
  proc_stat
  proc_timer
  proc_uptime