Selinux policy for bootreceiver tracing instance am: 3d52817da4

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1614815

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I3610b627afbcb332f867a13fadfcaed452f67774
This commit is contained in:
Alexander Potapenko 2021-03-05 13:22:48 +00:00 committed by Automerger Merge Worker
commit 04747b9e76
5 changed files with 13 additions and 0 deletions

View file

@ -22,6 +22,7 @@
ctl_snapuserd_prop ctl_snapuserd_prop
debugfs_kprobes debugfs_kprobes
debugfs_mm_events_tracing debugfs_mm_events_tracing
debugfs_bootreceiver_tracing
device_config_profcollect_native_boot_prop device_config_profcollect_native_boot_prop
device_config_connectivity_prop device_config_connectivity_prop
device_config_swcodec_native_prop device_config_swcodec_native_prop

View file

@ -177,6 +177,8 @@ genfscon tracefs /per_cpu/cpu u:object_r:debugfs_tracing
genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0 genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0
genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0 genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0
genfscon debugfs /tracing/instances/bootreceiver u:object_r:debugfs_bootreceiver_tracing:s0
genfscon tracefs /instances/bootreceiver u:object_r:debugfs_bootreceiver_tracing:s0
genfscon debugfs /tracing/instances/mm_events u:object_r:debugfs_mm_events_tracing:s0 genfscon debugfs /tracing/instances/mm_events u:object_r:debugfs_mm_events_tracing:s0
genfscon tracefs /instances/mm_events u:object_r:debugfs_mm_events_tracing:s0 genfscon tracefs /instances/mm_events u:object_r:debugfs_mm_events_tracing:s0
genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0 genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0

View file

@ -83,3 +83,6 @@ neverallow { -init } property_service_version_prop:property_service set;
# Only init can set keystore.boot_level # Only init can set keystore.boot_level
neverallow { -init } keystore_listen_prop:property_service set; neverallow { -init } keystore_listen_prop:property_service set;
# Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing.
allow init debugfs_bootreceiver_tracing:file w_file_perms;

View file

@ -1021,6 +1021,10 @@ allow system_server debugfs_tracing_instances:dir search;
allow system_server debugfs_wifi_tracing:dir search; allow system_server debugfs_wifi_tracing:dir search;
allow system_server debugfs_wifi_tracing:file rw_file_perms; allow system_server debugfs_wifi_tracing:file rw_file_perms;
# Allow BootReceiver to watch trace error_report events.
allow system_server debugfs_bootreceiver_tracing:dir search;
allow system_server debugfs_bootreceiver_tracing:file r_file_perms;
# Allow system_server to read tracepoint ids in order to attach BPF programs to them. # Allow system_server to read tracepoint ids in order to attach BPF programs to them.
allow system_server debugfs_tracing:file r_file_perms; allow system_server debugfs_tracing:file r_file_perms;

View file

@ -557,6 +557,9 @@ type hwservice_contexts_file, system_file_type, file_type;
# vndservice_contexts file # vndservice_contexts file
type vndservice_contexts_file, file_type; type vndservice_contexts_file, file_type;
# /sys/kernel/tracing/instances/bootreceiver for monitoring kernel memory corruptions.
type debugfs_bootreceiver_tracing, fs_type, debugfs_type;
# Allow files to be created in their appropriate filesystems. # Allow files to be created in their appropriate filesystems.
allow fs_type self:filesystem associate; allow fs_type self:filesystem associate;
allow cgroup tmpfs:filesystem associate; allow cgroup tmpfs:filesystem associate;