Fixup 057bedb6

Sadly this means the option was never enabled :(
Note: these options are only available on 4.4+ kernels

Signed-off-by: Tad <tad@spotco.us>

Patches/LineageOS-14.1/android_system_sepolicy/0002-protected_files.patch

@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 18 Jul 2019 21:21:40 -0400
+Subject: [PATCH] label protected_{fifos,regular} as proc_security
+
+This is needed for init to override the default values.
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+[tad@spotco.us]: added to older targets to match
+Change-Id: I19be49956510d3e74f96b837ce7e8d33cff650c1
+---
+ genfs_contexts | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/genfs_contexts b/genfs_contexts
+index 31794a1e8..7597b4c6d 100644
+--- a/genfs_contexts
++++ b/genfs_contexts
+@@ -8,7 +8,9 @@ genfscon proc /net u:object_r:proc_net:s0
+ genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
+ genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0

Patches/LineageOS-15.1/android_system_sepolicy/0002-protected_files.patch

@@ -0,0 +1,43 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 18 Jul 2019 21:21:40 -0400
+Subject: [PATCH] label protected_{fifos,regular} as proc_security
+
+This is needed for init to override the default values.
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+[tad@spotco.us]: added to older targets to match
+Change-Id: I19be49956510d3e74f96b837ce7e8d33cff650c1
+---
+ prebuilts/api/26.0/private/genfs_contexts | 2 ++
+ private/genfs_contexts                    | 2 ++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/prebuilts/api/26.0/private/genfs_contexts b/prebuilts/api/26.0/private/genfs_contexts
+index a2d9b892f..753cabf15 100644
+--- a/prebuilts/api/26.0/private/genfs_contexts
++++ b/prebuilts/api/26.0/private/genfs_contexts
+@@ -14,7 +14,9 @@ genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+ genfscon proc /softirqs u:object_r:proc_timer:s0
+ genfscon proc /stat u:object_r:proc_stat:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
+diff --git a/private/genfs_contexts b/private/genfs_contexts
+index e77a39b92..606d46cbe 100644
+--- a/private/genfs_contexts
++++ b/private/genfs_contexts
+@@ -14,7 +14,9 @@ genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+ genfscon proc /softirqs u:object_r:proc_timer:s0
+ genfscon proc /stat u:object_r:proc_stat:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0

Patches/LineageOS-16.0/android_system_sepolicy/0002-protected_files.patch

@@ -0,0 +1,73 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 18 Jul 2019 21:21:40 -0400
+Subject: [PATCH] label protected_{fifos,regular} as proc_security
+
+This is needed for init to override the default values.
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+[tad@spotco.us]: added to older targets to match
+Change-Id: I19be49956510d3e74f96b837ce7e8d33cff650c1
+---
+ prebuilts/api/26.0/private/genfs_contexts | 2 ++
+ prebuilts/api/27.0/private/genfs_contexts | 2 ++
+ prebuilts/api/28.0/private/genfs_contexts | 2 ++
+ private/genfs_contexts                    | 2 ++
+ 4 files changed, 8 insertions(+)
+
+diff --git a/prebuilts/api/26.0/private/genfs_contexts b/prebuilts/api/26.0/private/genfs_contexts
+index a2d9b892f..753cabf15 100644
+--- a/prebuilts/api/26.0/private/genfs_contexts
++++ b/prebuilts/api/26.0/private/genfs_contexts
+@@ -14,7 +14,9 @@ genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+ genfscon proc /softirqs u:object_r:proc_timer:s0
+ genfscon proc /stat u:object_r:proc_stat:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
+diff --git a/prebuilts/api/27.0/private/genfs_contexts b/prebuilts/api/27.0/private/genfs_contexts
+index e77a39b92..606d46cbe 100644
+--- a/prebuilts/api/27.0/private/genfs_contexts
++++ b/prebuilts/api/27.0/private/genfs_contexts
+@@ -14,7 +14,9 @@ genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+ genfscon proc /softirqs u:object_r:proc_timer:s0
+ genfscon proc /stat u:object_r:proc_stat:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
+diff --git a/prebuilts/api/28.0/private/genfs_contexts b/prebuilts/api/28.0/private/genfs_contexts
+index 60504982a..656a9557a 100644
+--- a/prebuilts/api/28.0/private/genfs_contexts
++++ b/prebuilts/api/28.0/private/genfs_contexts
+@@ -28,7 +28,9 @@ genfscon proc /swaps u:object_r:proc_swaps:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+ genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
+ genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
+diff --git a/private/genfs_contexts b/private/genfs_contexts
+index 6b8a6f581..28cf83ab2 100644
+--- a/private/genfs_contexts
++++ b/private/genfs_contexts
+@@ -31,7 +31,9 @@ genfscon proc /swaps u:object_r:proc_swaps:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+ genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
+ genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0

Patches/LineageOS-17.1/android_system_sepolicy/0002-protected_files.patch

@@ -0,0 +1,88 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 18 Jul 2019 21:21:40 -0400
+Subject: [PATCH] label protected_{fifos,regular} as proc_security
+
+This is needed for init to override the default values.
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+[tad@spotco.us]: added to older targets to match
+Change-Id: I19be49956510d3e74f96b837ce7e8d33cff650c1
+---
+ prebuilts/api/26.0/private/genfs_contexts | 2 ++
+ prebuilts/api/27.0/private/genfs_contexts | 2 ++
+ prebuilts/api/28.0/private/genfs_contexts | 2 ++
+ prebuilts/api/29.0/private/genfs_contexts | 2 ++
+ private/genfs_contexts                    | 2 ++
+ 5 files changed, 10 insertions(+)
+
+diff --git a/prebuilts/api/26.0/private/genfs_contexts b/prebuilts/api/26.0/private/genfs_contexts
+index a2d9b892f..753cabf15 100644
+--- a/prebuilts/api/26.0/private/genfs_contexts
++++ b/prebuilts/api/26.0/private/genfs_contexts
+@@ -14,7 +14,9 @@ genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+ genfscon proc /softirqs u:object_r:proc_timer:s0
+ genfscon proc /stat u:object_r:proc_stat:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
+diff --git a/prebuilts/api/27.0/private/genfs_contexts b/prebuilts/api/27.0/private/genfs_contexts
+index e77a39b92..606d46cbe 100644
+--- a/prebuilts/api/27.0/private/genfs_contexts
++++ b/prebuilts/api/27.0/private/genfs_contexts
+@@ -14,7 +14,9 @@ genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+ genfscon proc /softirqs u:object_r:proc_timer:s0
+ genfscon proc /stat u:object_r:proc_stat:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
+diff --git a/prebuilts/api/28.0/private/genfs_contexts b/prebuilts/api/28.0/private/genfs_contexts
+index 7e2ea5092..44ca95fd5 100644
+--- a/prebuilts/api/28.0/private/genfs_contexts
++++ b/prebuilts/api/28.0/private/genfs_contexts
+@@ -27,7 +27,9 @@ genfscon proc /swaps u:object_r:proc_swaps:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+ genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
+ genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
+diff --git a/prebuilts/api/29.0/private/genfs_contexts b/prebuilts/api/29.0/private/genfs_contexts
+index c7603a9a1..e72803627 100644
+--- a/prebuilts/api/29.0/private/genfs_contexts
++++ b/prebuilts/api/29.0/private/genfs_contexts
+@@ -37,7 +37,9 @@ genfscon proc /swaps u:object_r:proc_swaps:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+ genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
+ genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
+diff --git a/private/genfs_contexts b/private/genfs_contexts
+index c7603a9a1..e72803627 100644
+--- a/private/genfs_contexts
++++ b/private/genfs_contexts
+@@ -37,7 +37,9 @@ genfscon proc /swaps u:object_r:proc_swaps:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+ genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
+ genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0

Patches/LineageOS-18.1/android_system_sepolicy/0002-protected_files.patch

@@ -0,0 +1,103 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 18 Jul 2019 21:21:40 -0400
+Subject: [PATCH] label protected_{fifos,regular} as proc_security
+
+This is needed for init to override the default values.
+
+Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
+[tad@spotco.us]: added to older targets to match
+Change-Id: I19be49956510d3e74f96b837ce7e8d33cff650c1
+---
+ prebuilts/api/26.0/private/genfs_contexts | 2 ++
+ prebuilts/api/27.0/private/genfs_contexts | 2 ++
+ prebuilts/api/28.0/private/genfs_contexts | 2 ++
+ prebuilts/api/29.0/private/genfs_contexts | 2 ++
+ prebuilts/api/30.0/private/genfs_contexts | 2 ++
+ private/genfs_contexts                    | 2 ++
+ 6 files changed, 12 insertions(+)
+
+diff --git a/prebuilts/api/26.0/private/genfs_contexts b/prebuilts/api/26.0/private/genfs_contexts
+index a2d9b892f..753cabf15 100644
+--- a/prebuilts/api/26.0/private/genfs_contexts
++++ b/prebuilts/api/26.0/private/genfs_contexts
+@@ -14,7 +14,9 @@ genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+ genfscon proc /softirqs u:object_r:proc_timer:s0
+ genfscon proc /stat u:object_r:proc_stat:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
+diff --git a/prebuilts/api/27.0/private/genfs_contexts b/prebuilts/api/27.0/private/genfs_contexts
+index e77a39b92..606d46cbe 100644
+--- a/prebuilts/api/27.0/private/genfs_contexts
++++ b/prebuilts/api/27.0/private/genfs_contexts
+@@ -14,7 +14,9 @@ genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+ genfscon proc /softirqs u:object_r:proc_timer:s0
+ genfscon proc /stat u:object_r:proc_stat:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
+diff --git a/prebuilts/api/28.0/private/genfs_contexts b/prebuilts/api/28.0/private/genfs_contexts
+index 7e2ea5092..44ca95fd5 100644
+--- a/prebuilts/api/28.0/private/genfs_contexts
++++ b/prebuilts/api/28.0/private/genfs_contexts
+@@ -27,7 +27,9 @@ genfscon proc /swaps u:object_r:proc_swaps:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+ genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
+ genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
+diff --git a/prebuilts/api/29.0/private/genfs_contexts b/prebuilts/api/29.0/private/genfs_contexts
+index 380d4a050..804996685 100644
+--- a/prebuilts/api/29.0/private/genfs_contexts
++++ b/prebuilts/api/29.0/private/genfs_contexts
+@@ -34,7 +34,9 @@ genfscon proc /swaps u:object_r:proc_swaps:s0
+ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+ genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
+ genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
+diff --git a/prebuilts/api/30.0/private/genfs_contexts b/prebuilts/api/30.0/private/genfs_contexts
+index aa9c621ce..c5f43c74a 100644
+--- a/prebuilts/api/30.0/private/genfs_contexts
++++ b/prebuilts/api/30.0/private/genfs_contexts
+@@ -39,7 +39,9 @@ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+ genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
+ genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
+ genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
+diff --git a/private/genfs_contexts b/private/genfs_contexts
+index aa9c621ce..c5f43c74a 100644
+--- a/private/genfs_contexts
++++ b/private/genfs_contexts
+@@ -39,7 +39,9 @@ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+ genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
+ genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
+ genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
++genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
++genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
+ genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+ genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+ genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0

Scripts/LineageOS-14.1/Patch.sh

@@ -270,6 +270,7 @@ sed -i 's/!= 2048/< 2048/' libmincrypt/tools/DumpPublicKey.java; #Allow 4096-bit
 fi;
 
 if enterAndClear "system/sepolicy"; then
+applyPatch "$DOS_PATCHES/android_system_sepolicy/0002-protected_files.patch"; #label protected_{fifos,regular} as proc_security (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_system_sepolicy/248600.patch"; #Restrict access to timing information in /proc
 applyPatch "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
 fi;

Scripts/LineageOS-15.1/Patch.sh

@@ -241,6 +241,7 @@ applyPatch "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts
 fi;
 
 if enterAndClear "system/sepolicy"; then
+applyPatch "$DOS_PATCHES/android_system_sepolicy/0002-protected_files.patch"; #label protected_{fifos,regular} as proc_security (GrapheneOS)
 git am "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
 patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/26.0";
 fi;

Scripts/LineageOS-16.0/Patch.sh

@@ -272,6 +272,7 @@ applyPatch "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #
 fi;
 
 if enterAndClear "system/sepolicy"; then
+applyPatch "$DOS_PATCHES/android_system_sepolicy/0002-protected_files.patch"; #label protected_{fifos,regular} as proc_security (GrapheneOS)
 git am "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
 patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/28.0";
 patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/27.0";

Scripts/LineageOS-17.1/Patch.sh

@@ -278,6 +278,7 @@ if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/androi
 fi;
 
 if enterAndClear "system/sepolicy"; then
+applyPatch "$DOS_PATCHES/android_system_sepolicy/0002-protected_files.patch"; #label protected_{fifos,regular} as proc_security (GrapheneOS)
 git am "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
 patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/29.0";
 patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/28.0";

Scripts/LineageOS-18.1/Patch.sh

@@ -274,6 +274,7 @@ if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/androi
 fi;
 
 if enterAndClear "system/sepolicy"; then
+applyPatch "$DOS_PATCHES/android_system_sepolicy/0002-protected_files.patch"; #label protected_{fifos,regular} as proc_security (GrapheneOS)
 git am "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices
 patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/30.0";
 patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch" --directory="prebuilts/api/29.0";