2012-07-12 01:46:38 +02:00
|
|
|
# Label inodes with the fs label.
|
|
|
|
|
genfscon rootfs / u:object_r:rootfs:s0
|
|
|
|
|
# proc labeling can be further refined (longest matching prefix).
|
|
|
|
|
genfscon proc / u:object_r:proc:s0
|
2017-10-20 00:51:38 +02:00
|
|
|
genfscon proc /asound u:object_r:proc_asound:s0
|
2021-02-17 18:30:52 +01:00
|
|
|
genfscon proc /bootconfig u:object_r:proc_bootconfig:s0
|
2018-01-18 00:59:48 +01:00
|
|
|
genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
|
2024-04-26 20:28:28 +02:00
|
|
|
genfscon proc /cgroups u:object_r:proc_cgroups:s0
|
2017-09-26 21:58:29 +02:00
|
|
|
genfscon proc /cmdline u:object_r:proc_cmdline:s0
|
2017-02-16 21:04:40 +01:00
|
|
|
genfscon proc /config.gz u:object_r:config_gz:s0
|
2021-10-29 05:31:44 +02:00
|
|
|
genfscon proc /cpu/alignment u:object_r:proc_cpu_alignment:s0
|
2024-01-31 06:56:43 +01:00
|
|
|
genfscon proc /device-tree/avf u:object_r:proc_dt_avf:s0
|
2017-11-06 00:35:16 +01:00
|
|
|
genfscon proc /diskstats u:object_r:proc_diskstats:s0
|
2017-09-26 21:58:29 +02:00
|
|
|
genfscon proc /filesystems u:object_r:proc_filesystems:s0
|
2016-07-29 20:48:19 +02:00
|
|
|
genfscon proc /interrupts u:object_r:proc_interrupts:s0
|
2015-07-13 17:39:17 +02:00
|
|
|
genfscon proc /iomem u:object_r:proc_iomem:s0
|
2020-10-09 10:15:10 +02:00
|
|
|
genfscon proc /kallsyms u:object_r:proc_kallsyms:s0
|
2019-01-30 00:27:21 +01:00
|
|
|
genfscon proc /keys u:object_r:proc_keys:s0
|
2017-09-13 23:34:56 +02:00
|
|
|
genfscon proc /kmsg u:object_r:proc_kmsg:s0
|
2017-09-26 21:58:29 +02:00
|
|
|
genfscon proc /loadavg u:object_r:proc_loadavg:s0
|
2021-01-07 00:14:24 +01:00
|
|
|
genfscon proc /locks u:object_r:proc_locks:s0
|
2019-04-26 18:27:58 +02:00
|
|
|
genfscon proc /lowmemorykiller u:object_r:proc_lowmemorykiller:s0
|
2016-02-24 02:09:48 +01:00
|
|
|
genfscon proc /meminfo u:object_r:proc_meminfo:s0
|
2017-03-03 21:17:49 +01:00
|
|
|
genfscon proc /misc u:object_r:proc_misc:s0
|
2017-03-02 09:02:29 +01:00
|
|
|
genfscon proc /modules u:object_r:proc_modules:s0
|
2017-09-26 21:58:29 +02:00
|
|
|
genfscon proc /mounts u:object_r:proc_mounts:s0
|
2014-01-07 20:41:47 +01:00
|
|
|
genfscon proc /net u:object_r:proc_net:s0
|
2018-09-28 19:55:14 +02:00
|
|
|
genfscon proc /net/tcp u:object_r:proc_net_tcp_udp:s0
|
|
|
|
|
genfscon proc /net/udp u:object_r:proc_net_tcp_udp:s0
|
2018-04-03 18:53:23 +02:00
|
|
|
genfscon proc /net/xt_qtaguid/ctrl u:object_r:proc_qtaguid_ctrl:s0
|
2018-01-02 22:10:46 +01:00
|
|
|
genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
|
2014-09-26 19:51:12 +02:00
|
|
|
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
|
2017-09-26 21:58:29 +02:00
|
|
|
genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
|
2018-05-11 00:36:59 +02:00
|
|
|
genfscon proc /pressure/cpu u:object_r:proc_pressure_cpu:s0
|
|
|
|
|
genfscon proc /pressure/io u:object_r:proc_pressure_io:s0
|
|
|
|
|
genfscon proc /pressure/memory u:object_r:proc_pressure_mem:s0
|
2018-06-14 16:34:19 +02:00
|
|
|
genfscon proc /slabinfo u:object_r:proc_slabinfo:s0
|
2016-07-29 20:48:19 +02:00
|
|
|
genfscon proc /softirqs u:object_r:proc_timer:s0
|
|
|
|
|
genfscon proc /stat u:object_r:proc_stat:s0
|
2017-09-26 21:58:29 +02:00
|
|
|
genfscon proc /swaps u:object_r:proc_swaps:s0
|
2014-03-05 15:50:08 +01:00
|
|
|
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
|
2019-05-16 20:47:04 +02:00
|
|
|
genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
|
2017-11-06 00:35:16 +01:00
|
|
|
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
|
2017-11-15 01:32:36 +01:00
|
|
|
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
|
2013-12-06 15:31:40 +01:00
|
|
|
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
|
|
|
|
|
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
|
|
|
|
|
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
|
2021-11-11 10:51:15 +01:00
|
|
|
genfscon proc /sys/kernel/bpf_ u:object_r:proc_bpf:s0
|
2013-12-06 15:31:40 +01:00
|
|
|
genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
|
2017-11-06 00:35:16 +01:00
|
|
|
genfscon proc /sys/kernel/core_pipe_limit u:object_r:usermodehelper:s0
|
|
|
|
|
genfscon proc /sys/kernel/domainname u:object_r:proc_hostname:s0
|
2013-12-06 15:31:40 +01:00
|
|
|
genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0
|
2017-11-06 00:35:16 +01:00
|
|
|
genfscon proc /sys/kernel/hostname u:object_r:proc_hostname:s0
|
2013-12-06 15:31:40 +01:00
|
|
|
genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
|
2018-02-20 20:02:39 +01:00
|
|
|
genfscon proc /sys/kernel/hung_task_ u:object_r:proc_hung_task:s0
|
2013-12-06 15:31:40 +01:00
|
|
|
genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
|
|
|
|
|
genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
|
|
|
|
|
genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
|
2017-11-06 00:35:16 +01:00
|
|
|
genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0
|
2017-03-07 02:27:54 +01:00
|
|
|
genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
|
2017-11-06 00:35:16 +01:00
|
|
|
genfscon proc /sys/kernel/perf_event_paranoid u:object_r:proc_perf:s0
|
2018-06-29 23:53:34 +02:00
|
|
|
genfscon proc /sys/kernel/perf_cpu_time_max_percent u:object_r:proc_perf:s0
|
|
|
|
|
genfscon proc /sys/kernel/perf_event_mlock_kb u:object_r:proc_perf:s0
|
2017-11-28 17:42:40 +01:00
|
|
|
genfscon proc /sys/kernel/pid_max u:object_r:proc_pid_max:s0
|
2013-12-06 15:31:40 +01:00
|
|
|
genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
|
/proc, /sys access from uncrypt, update_engine, postinstall_dexopt
New types:
1. proc_random
2. sysfs_dt_firmware_android
Labeled:
1. /proc/sys/kernel/random as proc_random.
2. /sys/firmware/devicetree/base/firmware/android/{compatible, fstab,
vbmeta} as sysfs_dt_firmware_android.
Changed access:
1. uncrypt, update_engine, postinstall_dexopt have access to generic proc
and sysfs labels removed.
2. appropriate permissions were added to uncrypt, update_engine,
update_engine_common, postinstall_dexopt.
Bug: 67416435
Bug: 67416336
Test: fake ota go/manual-ab-ota runs without denials
Test: adb sideload runs without denials to new types
Change-Id: Id31310ceb151a18652fcbb58037a0b90c1f6505a
2017-10-04 19:34:11 +02:00
|
|
|
genfscon proc /sys/kernel/random u:object_r:proc_random:s0
|
2013-12-06 15:31:40 +01:00
|
|
|
genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
|
2017-11-06 00:35:16 +01:00
|
|
|
genfscon proc /sys/kernel/sched_child_runs_first u:object_r:proc_sched:s0
|
|
|
|
|
genfscon proc /sys/kernel/sched_latency_ns u:object_r:proc_sched:s0
|
|
|
|
|
genfscon proc /sys/kernel/sched_rt_period_us u:object_r:proc_sched:s0
|
|
|
|
|
genfscon proc /sys/kernel/sched_rt_runtime_us u:object_r:proc_sched:s0
|
2018-03-29 21:15:48 +02:00
|
|
|
genfscon proc /sys/kernel/sched_schedstats u:object_r:proc_sched:s0
|
2017-11-06 00:35:16 +01:00
|
|
|
genfscon proc /sys/kernel/sched_tunable_scaling u:object_r:proc_sched:s0
|
2020-12-31 09:12:04 +01:00
|
|
|
genfscon proc /sys/kernel/sched_util_clamp_max u:object_r:proc_sched:s0
|
|
|
|
|
genfscon proc /sys/kernel/sched_util_clamp_min u:object_r:proc_sched:s0
|
|
|
|
|
genfscon proc /sys/kernel/sched_util_clamp_min_rt_default u:object_r:proc_sched:s0
|
2017-11-06 00:35:16 +01:00
|
|
|
genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
|
|
|
|
|
genfscon proc /sys/kernel/sysrq u:object_r:proc_sysrq:s0
|
2021-11-11 10:51:15 +01:00
|
|
|
genfscon proc /sys/kernel/unprivileged_bpf_ u:object_r:proc_bpf:s0
|
2013-12-06 15:31:40 +01:00
|
|
|
genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
|
2014-01-07 19:46:56 +01:00
|
|
|
genfscon proc /sys/net u:object_r:proc_net:s0
|
2021-11-11 10:51:15 +01:00
|
|
|
genfscon proc /sys/net/core/bpf_ u:object_r:proc_bpf:s0
|
2017-11-06 00:35:16 +01:00
|
|
|
genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
|
|
|
|
|
genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
|
|
|
|
|
genfscon proc /sys/vm/extra_free_kbytes u:object_r:proc_extra_free_kbytes:s0
|
|
|
|
|
genfscon proc /sys/vm/max_map_count u:object_r:proc_max_map_count:s0
|
2013-12-09 19:24:25 +01:00
|
|
|
genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
|
2017-02-23 23:40:56 +01:00
|
|
|
genfscon proc /sys/vm/mmap_rnd_bits u:object_r:proc_security:s0
|
|
|
|
|
genfscon proc /sys/vm/mmap_rnd_compat_bits u:object_r:proc_security:s0
|
2017-10-24 22:17:46 +02:00
|
|
|
genfscon proc /sys/vm/page-cluster u:object_r:proc_page_cluster:s0
|
2015-05-15 05:55:31 +02:00
|
|
|
genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
|
2016-06-28 00:38:25 +02:00
|
|
|
genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
|
2018-01-24 02:32:16 +01:00
|
|
|
genfscon proc /sys/vm/min_free_order_shift u:object_r:proc_min_free_order_shift:s0
|
2021-07-01 06:10:26 +02:00
|
|
|
genfscon proc /sys/vm/watermark_boost_factor u:object_r:proc_watermark_boost_factor:s0
|
2021-07-29 23:29:47 +02:00
|
|
|
genfscon proc /sys/vm/watermark_scale_factor u:object_r:proc_watermark_scale_factor:s0
|
2023-11-06 15:35:45 +01:00
|
|
|
genfscon proc /sys/vm/percpu_pagelist_high_fraction u:object_r:proc_percpu_pagelist_high_fraction:s0
|
2024-04-10 15:48:15 +02:00
|
|
|
genfscon proc /sys/vm/compaction_proactiveness u:object_r:proc_compaction_proactiveness:s0
|
2016-07-29 20:48:19 +02:00
|
|
|
genfscon proc /timer_list u:object_r:proc_timer:s0
|
|
|
|
|
genfscon proc /timer_stats u:object_r:proc_timer:s0
|
2017-01-04 17:43:09 +01:00
|
|
|
genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
|
2017-11-18 00:40:51 +01:00
|
|
|
genfscon proc /uid/ u:object_r:proc_uid_time_in_state:s0
|
2015-05-13 02:14:35 +02:00
|
|
|
genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
|
|
|
|
|
genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
|
2017-01-12 01:20:49 +01:00
|
|
|
genfscon proc /uid_io/stats u:object_r:proc_uid_io_stats:s0
|
2017-01-18 02:33:50 +01:00
|
|
|
genfscon proc /uid_procstat/set u:object_r:proc_uid_procstat_set:s0
|
2017-06-07 19:39:11 +02:00
|
|
|
genfscon proc /uid_time_in_state u:object_r:proc_uid_time_in_state:s0
|
2017-11-10 23:10:19 +01:00
|
|
|
genfscon proc /uid_concurrent_active_time u:object_r:proc_uid_concurrent_active_time:s0
|
|
|
|
|
genfscon proc /uid_concurrent_policy_time u:object_r:proc_uid_concurrent_policy_time:s0
|
2018-01-19 22:48:31 +01:00
|
|
|
genfscon proc /uid_cpupower/ u:object_r:proc_uid_cpupower:s0
|
2017-11-06 00:35:16 +01:00
|
|
|
genfscon proc /uptime u:object_r:proc_uptime:s0
|
2017-09-26 21:58:29 +02:00
|
|
|
genfscon proc /version u:object_r:proc_version:s0
|
|
|
|
|
genfscon proc /vmallocinfo u:object_r:proc_vmallocinfo:s0
|
2018-01-10 21:51:51 +01:00
|
|
|
genfscon proc /vmstat u:object_r:proc_vmstat:s0
|
2016-08-08 19:48:01 +02:00
|
|
|
genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
|
2021-07-29 15:24:38 +02:00
|
|
|
genfscon proc /vendor_sched u:object_r:proc_vendor_sched:s0
|
2015-05-13 02:14:35 +02:00
|
|
|
|
2020-05-28 15:04:48 +02:00
|
|
|
genfscon fusectl / u:object_r:fusectlfs:s0
|
|
|
|
|
|
2012-07-12 01:46:38 +02:00
|
|
|
# selinuxfs booleans can be individually labeled.
|
|
|
|
|
genfscon selinuxfs / u:object_r:selinuxfs:s0
|
|
|
|
|
genfscon cgroup / u:object_r:cgroup:s0
|
2020-05-27 23:10:39 +02:00
|
|
|
genfscon cgroup2 / u:object_r:cgroup_v2:s0
|
2012-07-12 01:46:38 +02:00
|
|
|
# sysfs labels can be set by userspace.
|
|
|
|
|
genfscon sysfs / u:object_r:sysfs:s0
|
2020-08-31 09:24:40 +02:00
|
|
|
genfscon sysfs /devices/cs_etm u:object_r:sysfs_devices_cs_etm:s0
|
2017-07-27 01:22:50 +02:00
|
|
|
genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0
|
2017-10-10 05:39:34 +02:00
|
|
|
genfscon sysfs /class/android_usb u:object_r:sysfs_android_usb:s0
|
2019-02-15 21:15:21 +01:00
|
|
|
genfscon sysfs /class/extcon u:object_r:sysfs_extcon:s0
|
2022-02-24 19:32:16 +01:00
|
|
|
genfscon sysfs /class/gpu u:object_r:sysfs_gpu:s0
|
2017-07-27 01:22:50 +02:00
|
|
|
genfscon sysfs /class/leds u:object_r:sysfs_leds:s0
|
2017-12-09 00:47:21 +01:00
|
|
|
genfscon sysfs /class/net u:object_r:sysfs_net:s0
|
2018-04-05 21:46:05 +02:00
|
|
|
genfscon sysfs /class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
|
|
|
|
|
genfscon sysfs /class/rfkill/rfkill1/state u:object_r:sysfs_bluetooth_writable:s0
|
|
|
|
|
genfscon sysfs /class/rfkill/rfkill2/state u:object_r:sysfs_bluetooth_writable:s0
|
|
|
|
|
genfscon sysfs /class/rfkill/rfkill3/state u:object_r:sysfs_bluetooth_writable:s0
|
2017-10-10 05:39:34 +02:00
|
|
|
genfscon sysfs /class/rtc u:object_r:sysfs_rtc:s0
|
|
|
|
|
genfscon sysfs /class/switch u:object_r:sysfs_switch:s0
|
2019-11-07 22:37:34 +01:00
|
|
|
genfscon sysfs /class/wakeup u:object_r:sysfs_wakeup:s0
|
2017-07-27 01:22:50 +02:00
|
|
|
genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
|
2017-10-10 05:39:34 +02:00
|
|
|
genfscon sysfs /devices/virtual/android_usb u:object_r:sysfs_android_usb:s0
|
2019-03-01 21:35:48 +01:00
|
|
|
genfscon sysfs /devices/virtual/block/ u:object_r:sysfs_devices_block:s0
|
2017-10-05 22:50:07 +02:00
|
|
|
genfscon sysfs /devices/virtual/block/dm- u:object_r:sysfs_dm:s0
|
2018-12-18 15:38:59 +01:00
|
|
|
genfscon sysfs /devices/virtual/block/loop u:object_r:sysfs_loop:s0
|
2017-07-27 01:22:50 +02:00
|
|
|
genfscon sysfs /devices/virtual/block/zram0 u:object_r:sysfs_zram:s0
|
|
|
|
|
genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0
|
|
|
|
|
genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0
|
|
|
|
|
genfscon sysfs /devices/virtual/block/zram1/uevent u:object_r:sysfs_zram_uevent:s0
|
|
|
|
|
genfscon sysfs /devices/virtual/misc/hw_random u:object_r:sysfs_hwrandom:s0
|
sepolicy: proper labelling of /sys/devices/virtual/net/...
While we're at it also label /sys/module/tcp_cubic/parameters correctly.
Before:
[40/54] BinderTest#InterfaceSetMtu: FAILED (4ms)
STACKTRACE:
system/netd/tests/binder_test.cpp:2724: Failure
Value of: status.isOk()
Actual: false
Expected: true
Remote I/O error
system/netd/tests/binder_test.cpp:2580: Failure
Expected equality of these values:
mtu
Which is: 1200
mtuSize
Which is: 1500
Summary
-------
libbpf_android_test: Passed: 9, Failed: 0, Ignored: 0
libnetdbpf_test: Passed: 11, Failed: 0, Ignored: 0
netd_integration_test: Passed: 53, Failed: 1, Ignored: 0
netd_unit_test: Passed: 179, Failed: 0, Ignored: 0
netdutils_test: Passed: 68, Failed: 0, Ignored: 0
resolv_integration_test: Passed: 67, Failed: 0, Ignored: 0
resolv_unit_test: Passed: 67, Failed: 0, Ignored: 0
1 test failed
-------------
BinderTest#InterfaceSetMtu
Test: failing test now passes
Bug: 130318253
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2f7e9824ccce9d1597a18400a9ddd74b53ded857
Merged-In: I2f7e9824ccce9d1597a18400a9ddd74b53ded857
(cherry picked from commit f4aeb81eec45af59b7e07b6d4b1cadb8624cefd4)
2019-04-11 21:28:25 +02:00
|
|
|
genfscon sysfs /devices/virtual/net u:object_r:sysfs_net:s0
|
2017-10-10 05:39:34 +02:00
|
|
|
genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0
|
2019-11-07 22:37:34 +01:00
|
|
|
genfscon sysfs /devices/virtual/wakeup u:object_r:sysfs_wakeup:s0
|
2023-02-06 17:49:24 +01:00
|
|
|
genfscon sysfs /firmware/devicetree/base/avf u:object_r:sysfs_dt_avf:s0
|
/proc, /sys access from uncrypt, update_engine, postinstall_dexopt
New types:
1. proc_random
2. sysfs_dt_firmware_android
Labeled:
1. /proc/sys/kernel/random as proc_random.
2. /sys/firmware/devicetree/base/firmware/android/{compatible, fstab,
vbmeta} as sysfs_dt_firmware_android.
Changed access:
1. uncrypt, update_engine, postinstall_dexopt have access to generic proc
and sysfs labels removed.
2. appropriate permissions were added to uncrypt, update_engine,
update_engine_common, postinstall_dexopt.
Bug: 67416435
Bug: 67416336
Test: fake ota go/manual-ab-ota runs without denials
Test: adb sideload runs without denials to new types
Change-Id: Id31310ceb151a18652fcbb58037a0b90c1f6505a
2017-10-04 19:34:11 +02:00
|
|
|
genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
|
2017-05-02 22:45:08 +02:00
|
|
|
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
|
2019-02-15 23:29:05 +01:00
|
|
|
genfscon sysfs /fs/f2fs u:object_r:sysfs_fs_f2fs:s0
|
2021-11-12 01:53:26 +01:00
|
|
|
genfscon sysfs /fs/fuse/bpf_prog_type_fuse u:object_r:sysfs_fs_fuse_bpf:s0
|
2023-03-01 23:32:25 +01:00
|
|
|
genfscon sysfs /fs/fuse/features u:object_r:sysfs_fs_fuse_features:s0
|
2021-01-15 06:01:25 +01:00
|
|
|
genfscon sysfs /fs/incremental-fs/features u:object_r:sysfs_fs_incfs_features:s0
|
2021-05-05 07:40:23 +02:00
|
|
|
genfscon sysfs /fs/incremental-fs/instances u:object_r:sysfs_fs_incfs_metrics:s0
|
2017-12-06 18:00:59 +01:00
|
|
|
genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
|
2017-10-10 05:39:34 +02:00
|
|
|
genfscon sysfs /power/state u:object_r:sysfs_power:s0
|
2019-11-07 22:37:34 +01:00
|
|
|
genfscon sysfs /power/suspend_stats u:object_r:sysfs_suspend_stats:s0
|
2023-10-04 00:31:22 +02:00
|
|
|
genfscon sysfs /power/sync_on_suspend u:object_r:sysfs_sync_on_suspend:s0
|
2017-10-10 05:39:34 +02:00
|
|
|
genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
|
2017-07-27 01:22:50 +02:00
|
|
|
genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
|
|
|
|
|
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
|
2018-04-17 17:59:45 +02:00
|
|
|
genfscon sysfs /kernel/memory_state_time u:object_r:sysfs_power:s0
|
2021-02-01 19:25:05 +01:00
|
|
|
genfscon sysfs /kernel/dma_heap u:object_r:sysfs_dma_heap:s0
|
2019-11-17 23:41:33 +01:00
|
|
|
genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0
|
2017-10-10 05:39:34 +02:00
|
|
|
genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
|
2019-03-13 20:06:01 +01:00
|
|
|
genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
|
2022-04-07 01:36:58 +02:00
|
|
|
genfscon sysfs /kernel/mm/lru_gen/enabled u:object_r:sysfs_lru_gen_enabled:s0
|
2024-04-10 01:24:48 +02:00
|
|
|
genfscon sysfs /kernel/mm/pgsize_migration/enabled u:object_r:sysfs_pgsize_migration:s0
|
2017-12-06 19:09:50 +01:00
|
|
|
genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
|
2017-09-26 21:58:29 +02:00
|
|
|
genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
|
2017-10-10 05:39:34 +02:00
|
|
|
genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0
|
2021-01-11 06:09:37 +01:00
|
|
|
genfscon sysfs /kernel/dmabuf/buffers u:object_r:sysfs_dmabuf_stats:s0
|
2019-12-16 13:39:15 +01:00
|
|
|
genfscon sysfs /module/dm_verity/parameters/prefetch_cluster u:object_r:sysfs_dm_verity:s0
|
2017-07-27 01:22:50 +02:00
|
|
|
genfscon sysfs /module/lowmemorykiller u:object_r:sysfs_lowmemorykiller:s0
|
sepolicy: proper labelling of /sys/devices/virtual/net/...
While we're at it also label /sys/module/tcp_cubic/parameters correctly.
Before:
[40/54] BinderTest#InterfaceSetMtu: FAILED (4ms)
STACKTRACE:
system/netd/tests/binder_test.cpp:2724: Failure
Value of: status.isOk()
Actual: false
Expected: true
Remote I/O error
system/netd/tests/binder_test.cpp:2580: Failure
Expected equality of these values:
mtu
Which is: 1200
mtuSize
Which is: 1500
Summary
-------
libbpf_android_test: Passed: 9, Failed: 0, Ignored: 0
libnetdbpf_test: Passed: 11, Failed: 0, Ignored: 0
netd_integration_test: Passed: 53, Failed: 1, Ignored: 0
netd_unit_test: Passed: 179, Failed: 0, Ignored: 0
netdutils_test: Passed: 68, Failed: 0, Ignored: 0
resolv_integration_test: Passed: 67, Failed: 0, Ignored: 0
resolv_unit_test: Passed: 67, Failed: 0, Ignored: 0
1 test failed
-------------
BinderTest#InterfaceSetMtu
Test: failing test now passes
Bug: 130318253
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2f7e9824ccce9d1597a18400a9ddd74b53ded857
Merged-In: I2f7e9824ccce9d1597a18400a9ddd74b53ded857
(cherry picked from commit f4aeb81eec45af59b7e07b6d4b1cadb8624cefd4)
2019-04-11 21:28:25 +02:00
|
|
|
genfscon sysfs /module/tcp_cubic/parameters u:object_r:sysfs_net:s0
|
2017-07-27 01:22:50 +02:00
|
|
|
genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
|
|
|
|
|
genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0
|
2020-11-21 04:17:22 +01:00
|
|
|
genfscon sysfs /devices/virtual/misc/uhid u:object_r:sysfs_uhid:s0
|
2021-07-29 15:24:38 +02:00
|
|
|
genfscon sysfs /kernel/vendor_sched u:object_r:sysfs_vendor_sched:s0
|
2023-09-25 20:42:03 +02:00
|
|
|
genfscon sysfs /devices/uprobe u:object_r:sysfs_uprobe:s0
|
2017-07-27 01:22:50 +02:00
|
|
|
|
2020-06-10 12:27:12 +02:00
|
|
|
genfscon debugfs /kprobes u:object_r:debugfs_kprobes:s0
|
2017-07-27 01:22:50 +02:00
|
|
|
genfscon debugfs /mmc0 u:object_r:debugfs_mmc:s0
|
2018-01-31 03:14:45 +01:00
|
|
|
genfscon debugfs /tracing u:object_r:debugfs_tracing_debug:s0
|
|
|
|
|
genfscon tracefs / u:object_r:debugfs_tracing_debug:s0
|
|
|
|
|
genfscon tracefs /tracing_on u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /trace u:object_r:debugfs_tracing:s0
|
2018-02-09 12:15:22 +01:00
|
|
|
genfscon tracefs /per_cpu/cpu u:object_r:debugfs_tracing:s0
|
|
|
|
|
|
2023-02-16 14:37:54 +01:00
|
|
|
genfscon tracefs /hyp u:object_r:debugfs_tracing:s0
|
|
|
|
|
|
2017-07-27 01:22:50 +02:00
|
|
|
genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0
|
|
|
|
|
genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0
|
2021-03-02 16:46:50 +01:00
|
|
|
genfscon debugfs /tracing/instances/bootreceiver u:object_r:debugfs_bootreceiver_tracing:s0
|
|
|
|
|
genfscon tracefs /instances/bootreceiver u:object_r:debugfs_bootreceiver_tracing:s0
|
2021-01-15 17:12:56 +01:00
|
|
|
genfscon debugfs /tracing/instances/mm_events u:object_r:debugfs_mm_events_tracing:s0
|
|
|
|
|
genfscon tracefs /instances/mm_events u:object_r:debugfs_mm_events_tracing:s0
|
2017-07-27 01:22:50 +02:00
|
|
|
genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0
|
|
|
|
|
genfscon tracefs /instances/wifi u:object_r:debugfs_wifi_tracing:s0
|
|
|
|
|
genfscon debugfs /tracing/trace_marker u:object_r:debugfs_trace_marker:s0
|
|
|
|
|
genfscon tracefs /trace_marker u:object_r:debugfs_trace_marker:s0
|
2018-01-22 23:00:46 +01:00
|
|
|
genfscon debugfs /wakeup_sources u:object_r:debugfs_wakeup_sources:s0
|
2020-11-05 13:54:52 +01:00
|
|
|
genfscon debugfs /tracing/printk_formats u:object_r:debugfs_tracing_printk_formats:s0
|
|
|
|
|
genfscon tracefs /printk_formats u:object_r:debugfs_tracing_printk_formats:s0
|
2017-07-27 01:22:50 +02:00
|
|
|
|
2018-06-28 15:57:18 +02:00
|
|
|
genfscon tracefs /events/header_page u:object_r:debugfs_tracing:s0
|
2018-04-10 17:12:54 +02:00
|
|
|
genfscon tracefs /events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/f2fs/f2fs_iget/ u:object_r:debugfs_tracing:s0
|
2018-03-02 11:52:56 +01:00
|
|
|
genfscon tracefs /events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing:s0
|
2018-04-10 17:12:54 +02:00
|
|
|
genfscon tracefs /events/ext4/ext4_es_lookup_extent_enter/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/ext4/ext4_es_lookup_extent_exit/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/ext4/ext4_load_inode/ u:object_r:debugfs_tracing:s0
|
2018-03-02 11:52:56 +01:00
|
|
|
genfscon tracefs /events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0
|
2018-01-31 03:14:45 +01:00
|
|
|
|
2021-11-05 04:47:29 +01:00
|
|
|
genfscon tracefs /synthetic_events u:object_r:debugfs_tracing:s0
|
2023-04-05 09:15:19 +02:00
|
|
|
|
|
|
|
|
genfscon tracefs /events/synthetic/rss_stat_throttled u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/synthetic/suspend_resume_minimal u:object_r:debugfs_tracing:s0
|
2021-11-05 04:47:29 +01:00
|
|
|
|
2018-01-31 03:14:45 +01:00
|
|
|
genfscon tracefs /trace_clock u:object_r:debugfs_tracing:s0
|
2024-02-25 19:45:20 +01:00
|
|
|
genfscon tracefs /buffer_percent u:object_r:debugfs_tracing:s0
|
2018-01-31 03:14:45 +01:00
|
|
|
genfscon tracefs /buffer_size_kb u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /options/overwrite u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /options/print-tgid u:object_r:debugfs_tracing:s0
|
2018-06-28 21:36:17 +02:00
|
|
|
genfscon tracefs /options/record-tgid u:object_r:debugfs_tracing:s0
|
2018-01-31 03:14:45 +01:00
|
|
|
genfscon tracefs /saved_cmdlines_size u:object_r:debugfs_tracing:s0
|
2018-02-09 12:15:22 +01:00
|
|
|
genfscon tracefs /events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
|
2021-02-14 15:26:35 +01:00
|
|
|
genfscon tracefs /events/sched/sched_wakeup_new/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/sched/sched_waking/ u:object_r:debugfs_tracing:s0
|
2018-02-09 12:15:22 +01:00
|
|
|
genfscon tracefs /events/sched/sched_blocked_reason/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/sched/sched_cpu_hotplug/ u:object_r:debugfs_tracing:s0
|
2019-01-24 22:55:21 +01:00
|
|
|
genfscon tracefs /events/sched/sched_process_exit/ u:object_r:debugfs_tracing:s0
|
2020-12-04 01:47:30 +01:00
|
|
|
genfscon tracefs /events/sched/sched_process_free/ u:object_r:debugfs_tracing:s0
|
2021-02-14 15:26:35 +01:00
|
|
|
genfscon tracefs /events/sched/sched_pi_setprio/ u:object_r:debugfs_tracing:s0
|
2018-02-09 12:15:22 +01:00
|
|
|
genfscon tracefs /events/cgroup/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/power/cpu_frequency/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/power/cpu_idle/ u:object_r:debugfs_tracing:s0
|
2021-02-14 15:26:35 +01:00
|
|
|
genfscon tracefs /events/power/clock_enable/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/power/clock_disable/ u:object_r:debugfs_tracing:s0
|
2018-02-09 12:15:22 +01:00
|
|
|
genfscon tracefs /events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
|
2019-06-26 16:46:53 +02:00
|
|
|
genfscon tracefs /events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
|
2022-01-17 17:34:03 +01:00
|
|
|
genfscon tracefs /events/power/gpu_work_period/ u:object_r:debugfs_tracing:s0
|
2019-08-08 23:40:08 +02:00
|
|
|
genfscon tracefs /events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
|
2018-02-09 12:15:22 +01:00
|
|
|
genfscon tracefs /events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/binder/binder_lock/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/binder/binder_locked/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/binder/binder_unlock/ u:object_r:debugfs_tracing:s0
|
2019-01-24 22:55:21 +01:00
|
|
|
genfscon tracefs /events/binder/binder_transaction_alloc_buf/ u:object_r:debugfs_tracing:s0
|
2021-02-14 15:26:35 +01:00
|
|
|
genfscon tracefs /events/binder/binder_set_priority/ u:object_r:debugfs_tracing:s0
|
2023-09-25 11:10:55 +02:00
|
|
|
genfscon tracefs /events/binder/binder_command/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/binder/binder_return/ u:object_r:debugfs_tracing:s0
|
2018-02-09 12:15:22 +01:00
|
|
|
genfscon tracefs /events/lowmemorykiller/ u:object_r:debugfs_tracing:s0
|
2018-05-17 03:47:42 +02:00
|
|
|
genfscon tracefs /events/sync/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/fence/ u:object_r:debugfs_tracing:s0
|
2019-03-01 00:22:00 +01:00
|
|
|
genfscon tracefs /events/dma_fence/ u:object_r:debugfs_tracing:s0
|
2019-01-16 00:13:27 +01:00
|
|
|
genfscon tracefs /events/filemap/mm_filemap_add_to_page_cache/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/filemap/mm_filemap_delete_from_page_cache/ u:object_r:debugfs_tracing:s0
|
2019-01-24 22:55:21 +01:00
|
|
|
genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
|
2020-04-24 11:10:35 +02:00
|
|
|
genfscon tracefs /events/ion/ion_stat/ u:object_r:debugfs_tracing:s0
|
2020-03-31 01:21:42 +02:00
|
|
|
genfscon tracefs /events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
|
2019-01-24 22:55:21 +01:00
|
|
|
genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
|
2021-02-14 15:26:35 +01:00
|
|
|
genfscon tracefs /events/oom/mark_victim/ u:object_r:debugfs_tracing:s0
|
2019-01-24 22:55:21 +01:00
|
|
|
genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/task/task_newtask/ u:object_r:debugfs_tracing:s0
|
2019-02-01 17:38:23 +01:00
|
|
|
genfscon tracefs /events/ftrace/print/ u:object_r:debugfs_tracing:s0
|
2020-02-19 07:58:26 +01:00
|
|
|
genfscon tracefs /events/gpu_mem/gpu_mem_total u:object_r:debugfs_tracing:s0
|
2020-07-13 19:24:29 +02:00
|
|
|
genfscon tracefs /events/thermal/thermal_temperature/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/thermal/cdev_update/ u:object_r:debugfs_tracing:s0
|
2020-07-31 10:12:06 +02:00
|
|
|
genfscon tracefs /events/cpuhp/cpuhp_enter/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/cpuhp/cpuhp_exit/ u:object_r:debugfs_tracing:s0
|
2021-03-18 00:43:53 +01:00
|
|
|
genfscon tracefs /events/cpuhp/cpuhp_pause/ u:object_r:debugfs_tracing:s0
|
2020-10-05 22:20:35 +02:00
|
|
|
genfscon tracefs /events/ipi/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/irq/ u:object_r:debugfs_tracing:s0
|
2021-02-14 15:26:35 +01:00
|
|
|
genfscon tracefs /events/clk/clk_enable/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/clk/clk_disable/ u:object_r:debugfs_tracing:s0
|
|
|
|
|
genfscon tracefs /events/clk/clk_set_rate/ u:object_r:debugfs_tracing:s0
|
2018-01-31 03:14:45 +01:00
|
|
|
|
2018-11-29 19:37:18 +01:00
|
|
|
genfscon debugfs /kcov u:object_r:debugfs_kcov:s0
|
|
|
|
|
|
2020-02-19 00:26:44 +01:00
|
|
|
genfscon securityfs / u:object_r:securityfs:s0
|
|
|
|
|
|
2019-12-08 21:11:01 +01:00
|
|
|
genfscon binder /binder u:object_r:binder_device:s0
|
|
|
|
|
genfscon binder /hwbinder u:object_r:hwbinder_device:s0
|
|
|
|
|
genfscon binder /vndbinder u:object_r:vndbinder_device:s0
|
|
|
|
|
genfscon binder /binder_logs u:object_r:binderfs_logs:s0
|
|
|
|
|
genfscon binder /binder_logs/proc u:object_r:binderfs_logs_proc:s0
|
2023-10-12 06:48:19 +02:00
|
|
|
genfscon binder /binder_logs/stats u:object_r:binderfs_logs_stats:s0
|
2024-01-31 18:48:43 +01:00
|
|
|
genfscon binder /binder_logs/transactions u:object_r:binderfs_logs_transactions:s0
|
2024-05-18 00:30:40 +02:00
|
|
|
genfscon binder /binder_logs/transaction_log u:object_r:binderfs_logs_transaction_history:s0
|
|
|
|
|
genfscon binder /binder_logs/failed_transaction_log u:object_r:binderfs_logs_transaction_history:s0
|
2022-02-24 17:15:56 +01:00
|
|
|
genfscon binder /features u:object_r:binderfs_features:s0
|
2018-11-29 19:37:18 +01:00
|
|
|
|
2012-07-12 01:46:38 +02:00
|
|
|
genfscon inotifyfs / u:object_r:inotify:s0
|
2014-07-08 20:45:09 +02:00
|
|
|
genfscon vfat / u:object_r:vfat:s0
|
2019-12-08 21:11:01 +01:00
|
|
|
genfscon binder / u:object_r:binderfs:s0
|
2018-03-30 20:22:54 +02:00
|
|
|
genfscon exfat / u:object_r:exfat:s0
|
2012-07-12 01:46:38 +02:00
|
|
|
genfscon debugfs / u:object_r:debugfs:s0
|
2014-07-08 20:45:09 +02:00
|
|
|
genfscon fuse / u:object_r:fuse:s0
|
2023-01-17 18:22:34 +01:00
|
|
|
genfscon fuseblk / u:object_r:fuseblk:s0
|
2016-03-02 01:13:50 +01:00
|
|
|
genfscon configfs / u:object_r:configfs:s0
|
|
|
|
|
genfscon sdcardfs / u:object_r:sdcardfs:s0
|
2017-10-24 03:20:09 +02:00
|
|
|
genfscon esdfs / u:object_r:sdcardfs:s0
|
2014-04-10 06:32:54 +02:00
|
|
|
genfscon pstore / u:object_r:pstorefs:s0
|
2014-04-15 23:53:05 +02:00
|
|
|
genfscon functionfs / u:object_r:functionfs:s0
|
2014-06-07 16:31:31 +02:00
|
|
|
genfscon usbfs / u:object_r:usbfs:s0
|
2015-04-11 02:42:49 +02:00
|
|
|
genfscon binfmt_misc / u:object_r:binfmt_miscfs:s0
|
2022-12-01 15:45:35 +01:00
|
|
|
|
2017-08-02 03:06:18 +02:00
|
|
|
genfscon bpf / u:object_r:fs_bpf:s0
|
2022-12-01 15:45:35 +01:00
|
|
|
genfscon bpf /loader u:object_r:fs_bpf_loader:s0
|
2024-03-12 21:04:41 +01:00
|
|
|
genfscon bpf /map_bpfMemEvents_lmkd_rb u:object_r:fs_bpf_lmkd_memevents_rb:s0
|
much more finegrained bpf selinux privs for networking mainline
Goal is to gain a better handle on who has access to which maps
and to allow (with bpfloader changes to create in one directory
and move into the target directory) per-map selection of
selinux context, while still having reasonable defaults for stuff
pinned directly into the target location.
BPFFS (ie. /sys/fs/bpf) labelling is as follows:
subdirectory selinux context mainline usecase / usable by
/ fs_bpf no (*) core operating system (ie. platform)
/net_private fs_bpf_net_private yes, T+ network_stack
/net_shared fs_bpf_net_shared yes, T+ network_stack & system_server
/netd_readonly fs_bpf_netd_readonly yes, T+ network_stack & system_server & r/o to netd
/netd_shared fs_bpf_netd_shared yes, T+ network_stack & system_server & netd [**]
/tethering fs_bpf_tethering yes, S+ network_stack
/vendor fs_bpf_vendor no, T+ vendor
* initial support for bpf was added back in P,
but things worked differently back then with no bpfloader,
and instead netd doing stuff by hand,
bpfloader with pinning into /sys/fs/bpf was (I believe) added in Q
(and was definitely there in R)
** additionally bpf programs are accesible to netutils_wrapper
for use by iptables xt_bpf extensions
'mainline yes' currently means shipped by the com.android.tethering apex,
but this is really another case of bad naming, as it's really
the 'networking/connectivity/tethering' apex / mainline module.
Long term the plan is to merge a few other networking mainline modules
into it (and maybe give it a saner name...).
The reason for splitting net_private vs tethering is that:
S+ must support 4.9+ kernels and S era bpfloader v0.2+
T+ must support 4.14+ kernels and T beta3 era bpfloader v0.13+
The kernel affects the intelligence of the in-kernel bpf verifier
and the available bpf helper functions. Older kernels have
a tendency to reject programs that newer kernels allow.
/ && /vendor are not shipped via mainline, so only need to work
with the bpfloader that's part of the core os.
Bug: 218408035
Test: TreeHugger, manually on cuttlefish
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I674866ebe32aca4fc851818c1ffcbec12ac4f7d4
(cherry picked from commit 15715aea32b85c933778b97a46de6ccab42ca7fb)
2022-05-21 14:03:29 +02:00
|
|
|
genfscon bpf /net_private u:object_r:fs_bpf_net_private:s0
|
|
|
|
|
genfscon bpf /net_shared u:object_r:fs_bpf_net_shared:s0
|
|
|
|
|
genfscon bpf /netd_readonly u:object_r:fs_bpf_netd_readonly:s0
|
|
|
|
|
genfscon bpf /netd_shared u:object_r:fs_bpf_netd_shared:s0
|
2024-03-12 21:04:41 +01:00
|
|
|
genfscon bpf /prog_bpfMemEvents_tracepoint_vmscan_mm_vmscan_direct_reclaim_begin_lmkd u:object_r:fs_bpf_lmkd_memevents_prog:s0
|
|
|
|
|
genfscon bpf /prog_bpfMemEvents_tracepoint_vmscan_mm_vmscan_direct_reclaim_end_lmkd u:object_r:fs_bpf_lmkd_memevents_prog:s0
|
2021-01-29 23:36:32 +01:00
|
|
|
genfscon bpf /tethering u:object_r:fs_bpf_tethering:s0
|
2019-12-14 00:18:32 +01:00
|
|
|
genfscon bpf /vendor u:object_r:fs_bpf_vendor:s0
|
2024-01-16 23:02:59 +01:00
|
|
|
genfscon bpf /uprobestats u:object_r:fs_bpf_uprobestats:s0
|
