From fab8e1c1cc3382f4fd40c7650e356b26ca4c5a8c Mon Sep 17 00:00:00 2001
From: Kalesh Singh
Date: Thu, 4 Nov 2021 20:47:29 -0700
Subject: [PATCH] sepolicy: Allow creating synthetic trace events

rss_stat will be throttled using histogram triggers and synthetic trace events. Add genfs context labels for the synthetic tracefs files.

Bug: 145972256
Test: Check log cat for avc denials
Change-Id: I7e183aa930bb6ee79613d011bed7174d553f9c1a
---
 private/genfs_contexts | 6 ++++++
 private/init.te | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/private/genfs_contexts b/private/genfs_contexts
index 664a3b31a..bf03bf735 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -229,6 +229,12 @@ genfscon tracefs /events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_
 genfscon tracefs /events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /synthetic_events u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/synthetic/rss_stat_throttled u:object_r:debugfs_tracing:s0
+
+genfscon debugfs /tracing/synthetic_events u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/synthetic/rss_stat_throttled u:object_r:debugfs_tracing:s0
+
 genfscon tracefs /trace_clock u:object_r:debugfs_tracing:s0
 genfscon tracefs /buffer_size_kb u:object_r:debugfs_tracing:s0
 genfscon tracefs /options/overwrite u:object_r:debugfs_tracing:s0
diff --git a/private/init.te b/private/init.te
index 3b64e2523..31dabfa55 100644
--- a/private/init.te
+++ b/private/init.te
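Review bot: The two new `rss_stat_throttled` entries omit the trailing slash that the neighbouring event-directory entries in this hunk carry (`/events/block/block_rq_issue/`), so the event directory is labelled by a different rule shape than the entries right above it. genfscon labels by longest matching path prefix, so as written these entries would also cover any future sibling whose name merely begins with `rss_stat_throttled`; `/synthetic_events` is a single control file and is rightly left without a slash. For consistency with the existing event entries I would write `genfscon tracefs /events/synthetic/rss_stat_throttled/ u:object_r:debugfs_tracing:s0` and `genfscon debugfs /tracing/events/synthetic/rss_stat_throttled/ u:object_r:debugfs_tracing:s0`, assuming the directory inode itself then resolves to the same label the existing per-event directories get, which is worth confirming on a device with CONFIG_HIST_TRIGGERS enabled. The debugfs mirror entries should stay paired with the tracefs ones if the path is adjusted.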
@@ -107,6 +107,11 @@ neverallow { domain -init } keystore_listen_prop:property_service set;
 # Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing.
 allow init debugfs_bootreceiver_tracing:file w_file_perms;
+# Devices with kernels where CONFIG_HIST_TRIGGERS isn't enabled will
+# attempt to write a non exisiting 'synthetic_events' file, when setting
+# up synthetic events. This is a no-op in tracefs.
+dontaudit init debugfs_tracing_debug:dir { write add_name };
+
 # chown/chmod on devices.
 allow init { dev_type