Allow domains to get attributes in proc_t

[Koncpa]

Commit 1: Allow passwd to get attributes in proc_t

Add macro kernel_read_system_state() to passwd policy.
This macro allow paswd get attributes on filesystem /proc.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1858738

Commit 2: Allow login_pgm attribute to get attributes in proc_t

Allow login_pgm attribute, which contain domain like local_login_t
and cockpit_session_t, get attributes on filesystem /proc.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1853730

[wrabcak]

Hi @Koncpa ,
Can you please look on "kernel_read_system_state" interface? Maybe it will suit better here. :)

[zpytela]

Also note the bugs were reported for passwd_t, local_login_t, and cockpit_session_t, the former one is not a part of login_pgm.

[Koncpa]

Thank you @wrabcak ,
it's look better to use this interface.
@zpytela Should I add this note to commit message?

[zpytela]

LGTM, please disregard my previous comment.

[wrabcak]

@Koncpa there is one issue, attribute cannot be assigned to attribute, so if you need to use kernel_read_system_state() interface you need to add manually to all domains which are part of login_pgm . Can you please fix it?