From: Danny Wood <danwood76@gmail.com>
Date: Fri, 29 Nov 2019 11:49:00 +0000 (+0000)
Subject: universal7580: sepolicy: address cpboot daemon denials
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=13680d3e2805b94a121362572be19f7dc008133d;p=GitHub%2FLineageOS%2Fandroid_device_samsung_universal7580-common.git

universal7580: sepolicy: address cpboot daemon denials

Change-Id: Ie1a8a18ab1c76b4815600016015c7008b8c075fa
---

diff --git a/sepolicy/cpboot-daemon.te b/sepolicy/cpboot-daemon.te
index 6f3721b..de2cd2f 100644
--- a/sepolicy/cpboot-daemon.te
+++ b/sepolicy/cpboot-daemon.te
@@ -40,8 +40,10 @@ allow cpboot-daemon efs_file:dir r_dir_perms;
 allow cpboot-daemon bin_nv_data_efs_file:file rw_file_perms;
 allow cpboot-daemon efs_file:file rw_file_perms;
 
-# /proc/cmdline
-allow cpboot-daemon proc:file r_file_perms;
+# /proc permissions
+allow cpboot-daemon proc_cmdline:file r_file_perms;
+allow cpboot-daemon proc_dt_firmware:dir search;
+allow cpboot-daemon proc_dt_firmware:file { open read };
 
 # set properties on boot
 set_prop(cpboot-daemon, cpboot-daemon_prop)