sepolicy: Allow clients of netmgrd read access to netmgrd stat file
rild and location services - which are clients of netmgrd, needs to
have unicast netlink message communication with netmgrd. For this,
it needs to obtain the pid of the netmgrd. To determine the pid of
netmgrd, rild needs access to parse through the proc file system and
find the entry corresponding to netmgrd.
Fix denials faced while accessing the various files corresponding to
the processes in proc.
[ 78.653558] type=1400 audit(2567.649:197): avc: denied { search }
for pid=1190 comm="rild" name="1" dev="proc" ino=11739
scontext=u:r:rild:s0 tcontext=u:r:init:s0 tclass=dir permissive=0
[ 72.888233] type=1400 audit(1548.919:122): avc: denied { read }
for pid=1181 comm="rild" name="stat" dev="proc" ino=14756
scontext=u:r:rild:s0 tcontext=u:r:init:s0 tclass=file permissive=0
[ 66.428453] type=1400 audit(2167.259:82): avc: denied { open }
for pid=1183 comm="rild" path="/proc/1/stat" dev="proc" ino=4086
scontext=u:r:rild:s0 tcontext=u:r:init:s0 tclass=file permissive=0
[ 124.895876] type=1400 audit(2587.889:125): avc: denied { getattr }
for pid=1164 comm="rild" path="/proc/1/stat" dev="proc" ino=25356
scontext=u:r:rild:s0 tcontext=u:r:init:s0 tclass=file permissive=0
[ 124.897171] type=1400 audit(2587.889:1257): avc: denied { search }
for pid=1164 comm="rild" name="2" dev="proc" ino=25252
scontext=u:r:rild:s0 tcontext=u:r:kernel:s0 tclass=dir permissive=0
[ 96.631049] type=1400 audit(3925.959:261): avc: denied { search }
for pid=1176 comm="rild" name="297" dev="proc" ino=10500
scontext=u:r:rild:s0 tcontext=u:r:ueventd:s0 tclass=dir permissive=0
Allow these domains access to the proc stat files of netmgrd while
silently denying access to all other files.
Change-Id: I8d0d09cb9e85fdfa898f19a9eafe9ddaee6c208a
2 files changed