From 46ae744a92c9728d3683664891c4f22db5a51861 Mon Sep 17 00:00:00 2001
From: Arne Coucheron
Date: Tue, 15 Dec 2020 00:53:55 +0100
Subject: [PATCH] common: Resolve last_kmsg denials

Change-Id: Ib6a00d0c14eb03f1e16b24471736a0b84371152c
---
 common/vendor/file.te | 3 +++
 common/vendor/genfs_contexts | 3 +++
 common/vendor/init.te | 3 +++
 common/vendor/system_server.te | 3 +++
 4 files changed, 12 insertions(+)
 create mode 100644 common/vendor/init.te
 create mode 100644 common/vendor/system_server.te

diff --git a/common/vendor/file.te b/common/vendor/file.te
index 8d54e0b..1e450df 100644
--- a/common/vendor/file.te
+++ b/common/vendor/file.te
@@ -22,6 +22,9 @@ type sec_efs_file, file_type;
 type tee_efs_file, file_type;
 type wifi_efs_file, file_type;
+# PROC
+type proc_last_kmsg, fs_type, proc_type;
+
 # SOCKETS
 type epicd_socket, file_type, data_file_type;
diff --git a/common/vendor/genfs_contexts b/common/vendor/genfs_contexts
index 1354dac..538c925 100644
--- a/common/vendor/genfs_contexts
+++ b/common/vendor/genfs_contexts
@@ -1,5 +1,8 @@
 # genfs_contexts
+### PROC
+genfscon proc /last_kmsg u:object_r:proc_last_kmsg:s0
+
 ### SYSFS
 genfscon sysfs /bbd u:object_r:sysfs_bbd:s0
diff --git a/common/vendor/init.te b/common/vendor/init.te
new file mode 100644
index 0000000..490913e
--- /dev/null
+++ b/common/vendor/init.te
@@ -0,0 +1,3 @@
+# init.te
+
+allow init proc_last_kmsg:file setattr;
diff --git a/common/vendor/system_server.te b/common/vendor/system_server.te
new file mode 100644
index 0000000..2bae9a7
--- /dev/null
+++ b/common/vendor/system_server.te
@@ -0,0 +1,3 @@
+# system_server.te
+
+allow system_server proc_last_kmsg:file r_file_perms;
-- 
2.20.1
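Review bot: The new `proc_last_kmsg` type in file.te carries the `proc_type` attribute, so any rule in the combined policy that is written against `proc_type` applies to it too. The two allow rules added later in this patch are therefore not necessarily the full set of readers. /proc/last_kmsg holds the previous boot's kernel log, which can include kernel addresses, so it is worth checking the built policy (for example with `sesearch`) for which domains end up with access to this type. A comment saying what the type labels, such as `# /proc/last_kmsg: kernel log of the previous boot`, would also make the PROC section self-explanatory.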
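Review bot: The rule `allow init proc_last_kmsg:file setattr;` in the new init.te has no comment saying which init action needs it. setattr is the permission a chown or chmod on the node requires, so presumably an init script changes the owner or mode of /proc/last_kmsg. A line such as `# init script sets owner/mode on /proc/last_kmsg` above the rule, ideally quoting the avc denial it resolves, would let a later reader judge whether the grant is still needed.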
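Review bot: `r_file_perms` in the new system_server.te grants more than plain reading; depending on the platform version the macro also expands to ioctl, lock and map. If the logged denials only show getattr, open and read, the rule could be narrowed to `allow system_server proc_last_kmsg:file { getattr open read };`. Because this gives system_server the previous boot's kernel log, a comment naming the consumer (presumably boot-time crash log collection, to be confirmed against the denial) would help reviewers check that the data is not passed on to less privileged readers.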