Introduce a specific context for the nodes under /proc/sys/dev/ddr

Only platform apps and system apps are allowed to read the nodes.

FPIIM-2246

Change-Id: I3cd7adada7ea72d05fe98a924baaaf5499d3721a
diff --git a/sepolicy/ddrinfo.te b/sepolicy/ddrinfo.te
new file mode 100644
index 0000000..b5c9c0b
--- /dev/null
+++ b/sepolicy/ddrinfo.te
@@ -0,0 +1,8 @@
+# /proc/sys/dev/ddr/* nodes give access to the DDR chipset information
+
+# The nodes live in a pseudo filesystem
+type proc_dev_ddr, fs_type;
+
+# Give read access to the platform apps
+r_dir_file(platform_app, proc_dev_ddr)
+r_dir_file(system_app, proc_dev_ddr)
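Review bot: The commit message says only platform and system apps may read these nodes, but ddrinfo.te only adds allow rules, so nothing fails the build if a later change grants another app domain access to `proc_dev_ddr`. A neverallow would pin that intent, for example `neverallow { appdomain -platform_app -system_app } proc_dev_ddr:file { open read };`, adjusted if other rules in the tree legitimately need the nodes. Domains that hold rules written against the `fs_type` attribute would presumably reach the new type too, so those are worth checking before relying on "only". The comment above the two `r_dir_file` lines names platform apps alone; `# Give read access to the platform and system apps` would match both rules.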
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
new file mode 100644
index 0000000..74590d3
--- /dev/null
+++ b/sepolicy/genfs_contexts
@@ -0,0 +1,2 @@
+# Label the /proc/sys/dev/ddr node and its children
+genfscon proc /sys/dev/ddr u:object_r:proc_dev_ddr:s0
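Review bot: The kernel matches the genfscon path `/sys/dev/ddr` as a string prefix, not as a path component, so any sibling sysctl under /proc/sys/dev whose name begins with `ddr` would also receive `proc_dev_ddr`. Whether such a node exists on this kernel is not visible here, so the comment could record the behaviour, e.g. `# genfscon matches by prefix: this also labels any /proc/sys/dev/ddr* sibling`. Relabelling also means any domain that read these nodes under their previous label loses access unless it gets a rule for the new type, which is worth confirming from the denial log on an enforcing device.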