Selinux policy for bootreceiver tracing instance am: 3d52817da4
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1614815 MUST ONLY BE SUBMITTED BY AUTOMERGER Change-Id: I3610b627afbcb332f867a13fadfcaed452f67774
commit
04747b9e76
5 changed files with 13 additions and 0 deletions
|
@ -22,6 +22,7 @@
|
|||
ctl_snapuserd_prop
|
||||
debugfs_kprobes
|
||||
debugfs_mm_events_tracing
|
||||
debugfs_bootreceiver_tracing
|
||||
device_config_profcollect_native_boot_prop
|
||||
device_config_connectivity_prop
|
||||
device_config_swcodec_native_prop
|
||||
|
|
|
@ -177,6 +177,8 @@ genfscon tracefs /per_cpu/cpu u:object_r:debugfs_tracing
|
|||
|
||||
genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0
|
||||
genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0
|
||||
genfscon debugfs /tracing/instances/bootreceiver u:object_r:debugfs_bootreceiver_tracing:s0
|
||||
genfscon tracefs /instances/bootreceiver u:object_r:debugfs_bootreceiver_tracing:s0
|
||||
genfscon debugfs /tracing/instances/mm_events u:object_r:debugfs_mm_events_tracing:s0
|
||||
genfscon tracefs /instances/mm_events u:object_r:debugfs_mm_events_tracing:s0
|
||||
genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0
|
||||
|
|
|
@ -83,3 +83,6 @@ neverallow { -init } property_service_version_prop:property_service set;
|
|||
|
||||
# Only init can set keystore.boot_level
|
||||
neverallow { -init } keystore_listen_prop:property_service set;
|
||||
|
||||
# Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing.
|
||||
allow init debugfs_bootreceiver_tracing:file w_file_perms;
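Review bot: The new `allow init debugfs_bootreceiver_tracing:file w_file_perms;` grants init write access to every file the genfscon entries label under the bootreceiver instance, but its comment only says "to set up tracing". A comment naming what init actually writes would let a later reviewer judge whether the grant is still needed, for example `# init's rc script writes the instance's control files to enable the error_report event; write-only, no read needed.` (wording to be confirmed against the rc change, which is not on this page). The rule also sits directly under a run of `neverallow { -init } …:property_service set;` lines, so it is easy to miss when auditing init's tracefs access. Grouping it with init's other tracing rules would read better, if the file has them outside this hunk.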
|
||||
|
|
|
@ -1021,6 +1021,10 @@ allow system_server debugfs_tracing_instances:dir search;
|
|||
allow system_server debugfs_wifi_tracing:dir search;
|
||||
allow system_server debugfs_wifi_tracing:file rw_file_perms;
|
||||
|
||||
# Allow BootReceiver to watch trace error_report events.
|
||||
allow system_server debugfs_bootreceiver_tracing:dir search;
|
||||
allow system_server debugfs_bootreceiver_tracing:file r_file_perms;
|
||||
|
||||
# Allow system_server to read tracepoint ids in order to attach BPF programs to them.
|
||||
allow system_server debugfs_tracing:file r_file_perms;
|
||||
|
||||
|
|
|
@ -557,6 +557,9 @@ type hwservice_contexts_file, system_file_type, file_type;
|
|||
# vndservice_contexts file
|
||||
type vndservice_contexts_file, file_type;
|
||||
|
||||
# /sys/kernel/tracing/instances/bootreceiver for monitoring kernel memory corruptions.
|
||||
type debugfs_bootreceiver_tracing, fs_type, debugfs_type;
|
||||
|
||||
# Allow files to be created in their appropriate filesystems.
|
||||
allow fs_type self:filesystem associate;
|
||||
allow cgroup tmpfs:filesystem associate;
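Review bot: `debugfs_bootreceiver_tracing` is declared with the `debugfs_type` attribute, and nothing in this change stops later policy from granting the type to further domains. The type's own comment says the instance reports kernel memory corruptions, so its contents are sensitive enough to warrant pinning the readers and writers this commit intends. Something like `neverallow { domain -init -system_server } debugfs_bootreceiver_tracing:file no_rw_file_perms;` would do that, with exemptions added for any domain that already reaches the type through an existing `debugfs_type` rule (none are visible in this diff). It would also help to extend the type comment to say that init configures the instance and only system_server reads it.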
|
||||
|
|