From 65bdcd8c2397449f2539ef550b9a414314c704ec Mon Sep 17 00:00:00 2001
From: Arne Coucheron
Date: Tue, 15 Dec 2020 00:53:55 +0100
Subject: [PATCH] flo: sepolicy: Resolve last_kmsg denials
Change-Id: Ib6a00d0c14eb03f1e16b24471736a0b84371152c
---
 sepolicy/file.te | 1 +
 sepolicy/genfs_contexts | 3 +++
 sepolicy/init.te | 1 +
 sepolicy/system_server.te | 1 +
 4 files changed, 6 insertions(+)
diff --git a/sepolicy/file.te b/sepolicy/file.te
index d07257f..9bd7c5f 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -8,6 +8,7 @@ type persist_camera_file, file_type;
 type persist_sensors_file, file_type;
 type persist_wifi_file, file_type;
+type proc_last_kmsg, fs_type, proc_type;
 type sysfs_rmnet, fs_type, sysfs_type;
 type sysfs_soc, sysfs_type, fs_type;
 type sysfs_surfaceflinger, fs_type, sysfs_type;
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
index 7a16dd7..9ced4cf 100644
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -1,3 +1,6 @@
+# proc labels
+genfscon proc /last_kmsg u:object_r:proc_last_kmsg:s0
+
 # sysfs
 genfscon sysfs /class/android_usb/f_rmnet_smd_sdio/transport u:object_r:sysfs_rmnet:s0
 genfscon sysfs /devices/virtual/android_usb/android0/f_rmnet_smd_sdio/transport u:object_r:sysfs_rmnet:s0
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 465e6ca..a765ed6 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -1,6 +1,7 @@
 allow init diag_device:chr_file unlink;
 allow init sysfs_mmc_host:file rw_file_perms;
 allow init sysfs:file { rw_file_perms setattr };
+allow init proc_last_kmsg:file { r_file_perms setattr };
 # Symlink /sdcard to backing block
 allow init tmpfs:lnk_file create;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 8bef986..9484e5e 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
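Review bot: In sepolicy/genfs_contexts, the new `genfscon proc /last_kmsg u:object_r:proc_last_kmsg:s0` entry takes the file off whatever label it had before (presumably the generic `proc` type), so any domain that read it through a rule on that label is denied once this lands. The commit adds rules for init and system_server only. It is worth checking the audit log after a full boot and a bug-report run for further `proc_last_kmsg` denials from other domains before merging, and granting those individually rather than widening access later through an attribute.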
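Review bot: In sepolicy/init.te, `allow init proc_last_kmsg:file { r_file_perms setattr };` gives init the whole read macro in addition to `setattr`, and nothing on the page shows which permissions were actually denied. If the denial came only from init changing the owner or mode of the node, `allow init proc_last_kmsg:file setattr;` would be sufficient and keeps the grant at what was observed. Either way, a one-line comment above the rule naming the cause would help, in the style of the `# Symlink /sdcard to backing block` comment a few lines below.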
@@ -11,6 +11,7 @@ allow system_server sensors_socket:dir r_dir_perms;
 allow system_server persist_file:dir r_dir_perms;
 allow system_server sensors_device:chr_file rw_file_perms;
+allow system_server proc_last_kmsg:file r_file_perms;
 # mpdecision socket access
 unix_socket_connect(system_server, mpdecision, mpdecision)
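Review bot: The added `allow system_server proc_last_kmsg:file r_file_perms;` carries no comment, while the rule directly below it is introduced by `# mpdecision socket access`. The previous boot's kernel log can contain kernel addresses and other low-level state, so the reason system_server needs to read it should sit next to the grant. Something like `# Read the previous boot's kernel log for crash reporting` would do, if that is indeed the consumer; confirm it against the denial that prompted the rule.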