From 435518d532093e41ac990614dd9dcdae54acdd51 Mon Sep 17 00:00:00 2001
From: "haohsiang.hsu" <haohsiang.hsu@mediatek.com>
Date: Sat, 18 Jan 2020 10:04:28 +0800
Subject: [PATCH] [ALPS03939719] Refine sepolicy for bootctrl

Add policy for bootctrl read cmdline

MTK-Commit-Id: a264204afb83417dacb4f1b76e05b71509a492de

Change-Id: I2bd838b67003dc13208810b4de724ca06b67067e
CR-Id: ALPS03939719
Feature: A/B System Updates
---
 non_plat/hal_bootctl_default.te | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/non_plat/hal_bootctl_default.te b/non_plat/hal_bootctl_default.te
index fac38f4..8b1b261 100644
--- a/non_plat/hal_bootctl_default.te
+++ b/non_plat/hal_bootctl_default.te
@@ -1,10 +1,9 @@
 # Add for bootctl
 #============= hal_bootctl_default ==============
 allow hal_bootctl_default para_block_device:blk_file { read open write};
-allow hal_bootctl_default proc:file { read getattr open };
 allow hal_bootctl_default rootfs:file { read getattr open };
 allow hal_bootctl_default sysfs:dir { read open };
-allow hal_bootctl_default sysfs:file { read getattr open };
 allow hal_bootctl_default block_device:dir search;
 allow hal_bootctl_default misc_sd_device:chr_file rw_file_perms;
 allow hal_bootctl_default bootdevice_block_device:blk_file { read write ioctl open };
+allow hal_bootctl_default proc_cmdline:file r_file_perms;