universal7580: sepolicy: address cpboot daemon denials
authorDanny Wood <danwood76@gmail.com>
Fri, 29 Nov 2019 11:49:00 +0000 (11:49 +0000)
committerDanny Wood <danwood76@gmail.com>
Tue, 10 Mar 2020 15:25:58 +0000 (15:25 +0000)
Change-Id: Ie1a8a18ab1c76b4815600016015c7008b8c075fa

sepolicy/cpboot-daemon.te

index 6f3721ba6d8fd3beaaafb7038c21ada20ec6a4e0..de2cd2f3f0f67e2e512feed1623c1bbbfec63f53 100644 (file)
@@ -40,8 +40,10 @@ allow cpboot-daemon efs_file:dir r_dir_perms;
 allow cpboot-daemon bin_nv_data_efs_file:file rw_file_perms;
 allow cpboot-daemon efs_file:file rw_file_perms;
 
-# /proc/cmdline
-allow cpboot-daemon proc:file r_file_perms;
+# /proc permissions
+allow cpboot-daemon proc_cmdline:file r_file_perms;
+allow cpboot-daemon proc_dt_firmware:dir search;
+allow cpboot-daemon proc_dt_firmware:file { open read };
 
 # set properties on boot
 set_prop(cpboot-daemon, cpboot-daemon_prop)
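Review bot: The replacement comment `# /proc permissions` no longer says which proc entries the daemon reads, and nothing explains why it needs `proc_dt_firmware`; something like `# /proc/cmdline, plus read-only lookup of device-tree firmware nodes` would let a later reviewer check the grant against the daemon's actual behaviour. `proc_dt_firmware` is not declared anywhere in this hunk, so confirm the tree carries a matching type declaration and genfs_contexts label; without them the rule either fails to compile or never matches. The file rule on that type grants `{ open read }` with no `getattr`, unlike the `r_file_perms` macro used on the `proc_cmdline` line above it. If that minimum is deliberate, say so in the comment, because a later getattr denial would otherwise invite someone to widen the rule back towards `proc:file`.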