This will work, but this will give the server access to all files and dir on the system, right? So, it will give the server more privilege that needed. We just want to give the server access to the /proc/<pid>/cmdline file and not other files.
On 10/7/13 3:01 PM, "Stephen Smalley" <[email protected]> wrote: >With regard to allowing it, you can allow it to read /proc/pid/cmdline >for all domains by writing allow rules with the domain attribute, e.g. > allow server domain:dir r_dir_perms; > allow server domain:{ file lnk_file } r_file_perms; >Or more succintly using the r_dir_file() macro as: > r_dir_file(server, domain) > >If you want to allow it for just app domains, you can write similar >rules using the appdomain attribute rather than domain, e.g. > r_dir_file(server, appdomain) > -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
