flo: sepolicy: Resolve last_kmsg denials

Change-Id: Ib6a00d0c14eb03f1e16b24471736a0b84371152c

sepolicy/file.te

@@ -8,6 +8,7 @@ type persist_camera_file, file_type;
 type persist_sensors_file, file_type;
 type persist_wifi_file, file_type;
 
+type proc_last_kmsg, fs_type, proc_type;
 type sysfs_rmnet, fs_type, sysfs_type;
 type sysfs_soc, sysfs_type, fs_type;
 type sysfs_surfaceflinger, fs_type, sysfs_type;

sepolicy/genfs_contexts

@@ -1,3 +1,6 @@
+# proc labels
+genfscon proc /last_kmsg                      u:object_r:proc_last_kmsg:s0
+
 # sysfs
 genfscon sysfs /class/android_usb/f_rmnet_smd_sdio/transport                     u:object_r:sysfs_rmnet:s0
 genfscon sysfs /devices/virtual/android_usb/android0/f_rmnet_smd_sdio/transport  u:object_r:sysfs_rmnet:s0

sepolicy/init.te

@@ -1,6 +1,7 @@
 allow init diag_device:chr_file unlink;
 allow init sysfs_mmc_host:file rw_file_perms;
 allow init sysfs:file { rw_file_perms setattr };
+allow init proc_last_kmsg:file { r_file_perms setattr };
 
 # Symlink /sdcard to backing block
 allow init tmpfs:lnk_file create;

sepolicy/system_server.te

@@ -11,6 +11,7 @@ allow system_server sensors_socket:dir r_dir_perms;
 
 allow system_server persist_file:dir r_dir_perms;
 allow system_server sensors_device:chr_file rw_file_perms;
+allow system_server proc_last_kmsg:file r_file_perms;
 
 # mpdecision socket access
 unix_socket_connect(system_server, mpdecision, mpdecision)