common: Resolve last_kmsg denials

Change-Id: Ib6a00d0c14eb03f1e16b24471736a0b84371152c

diff --git a/common/vendor/file.te b/common/vendor/file.te
index 8d54e0bb58627070e09db41fa5b392d08b53f2ad..1e450df139b5e8cbebd50e47dd9419fc5624fe5b 100644 (file)
--- a/common/vendor/file.te
+++ b/common/vendor/file.te
@@ -22,6 +22,9 @@ type sec_efs_file, file_type;
 type tee_efs_file, file_type;
 type wifi_efs_file, file_type;
 
+# PROC
+type proc_last_kmsg, fs_type, proc_type;
+
 # SOCKETS
 type epicd_socket, file_type, data_file_type;
 

diff --git a/common/vendor/genfs_contexts b/common/vendor/genfs_contexts
index 1354dac3e1d6bfe2c7cedaa638089fbd889471a9..538c9252aa5fa1e763e7860275450ccee2420812 100644 (file)
--- a/common/vendor/genfs_contexts
+++ b/common/vendor/genfs_contexts
@@ -1,5 +1,8 @@
 # genfs_contexts
 
+### PROC
+genfscon proc /last_kmsg                                                  u:object_r:proc_last_kmsg:s0
+
 ### SYSFS
 genfscon sysfs /bbd                                                       u:object_r:sysfs_bbd:s0
 

diff --git a/common/vendor/init.te b/common/vendor/init.te
new file mode 100644 (file)
index 0000000..490913e
--- /dev/null
+++ b/common/vendor/init.te
@@ -0,0 +1,3 @@
+# init.te
+
+allow init proc_last_kmsg:file setattr;

diff --git a/common/vendor/system_server.te b/common/vendor/system_server.te
new file mode 100644 (file)
index 0000000..2bae9a7
--- /dev/null
+++ b/common/vendor/system_server.te
@@ -0,0 +1,3 @@
+# system_server.te
+
+allow system_server proc_last_kmsg:file r_file_perms;