tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Selinux policy for bootreceiver tracing instance am: 3d52817da4 am: 04747b9e76 am: 52eafe9ddb

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1614815

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I20f005c37f99fa69c94e8a4e903e3244f7b908e5
This commit is contained in:
Alexander Potapenko 2021-03-05 14:49:18 +00:00 committed by Automerger Merge Worker
commit 04c4440990
5 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/compat/30.0/30.0.ignore.cil
View file

@ -22,6 +22,7 @@
ctl_snapuserd_prop ctl_snapuserd_prop
debugfs_kprobes debugfs_kprobes
debugfs_mm_events_tracing debugfs_mm_events_tracing
debugfs_bootreceiver_tracing
device_config_profcollect_native_boot_prop device_config_profcollect_native_boot_prop
device_config_connectivity_prop device_config_connectivity_prop
device_config_swcodec_native_prop device_config_swcodec_native_prop

2
private/genfs_contexts
View file

@ -177,6 +177,8 @@ genfscon tracefs /per_cpu/cpu u:object_r:debugfs_tracing
genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0 genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0
genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0 genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0
genfscon debugfs /tracing/instances/bootreceiver u:object_r:debugfs_bootreceiver_tracing:s0
genfscon tracefs /instances/bootreceiver u:object_r:debugfs_bootreceiver_tracing:s0
genfscon debugfs /tracing/instances/mm_events u:object_r:debugfs_mm_events_tracing:s0 genfscon debugfs /tracing/instances/mm_events u:object_r:debugfs_mm_events_tracing:s0
genfscon tracefs /instances/mm_events u:object_r:debugfs_mm_events_tracing:s0 genfscon tracefs /instances/mm_events u:object_r:debugfs_mm_events_tracing:s0
genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0 genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0

3
private/init.te
View file

@ -83,3 +83,6 @@ neverallow { -init } property_service_version_prop:property_service set;
# Only init can set keystore.boot_level # Only init can set keystore.boot_level
neverallow { -init } keystore_listen_prop:property_service set; neverallow { -init } keystore_listen_prop:property_service set;
# Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing.
allow init debugfs_bootreceiver_tracing:file w_file_perms;

4
private/system_server.te
View file

@ -1021,6 +1021,10 @@ allow system_server debugfs_tracing_instances:dir search;
allow system_server debugfs_wifi_tracing:dir search; allow system_server debugfs_wifi_tracing:dir search;
allow system_server debugfs_wifi_tracing:file rw_file_perms; allow system_server debugfs_wifi_tracing:file rw_file_perms;
# Allow BootReceiver to watch trace error_report events.
allow system_server debugfs_bootreceiver_tracing:dir search;
allow system_server debugfs_bootreceiver_tracing:file r_file_perms;
# Allow system_server to read tracepoint ids in order to attach BPF programs to them. # Allow system_server to read tracepoint ids in order to attach BPF programs to them.
allow system_server debugfs_tracing:file r_file_perms; allow system_server debugfs_tracing:file r_file_perms;

3
public/file.te
View file

@ -557,6 +557,9 @@ type hwservice_contexts_file, system_file_type, file_type;
# vndservice_contexts file # vndservice_contexts file
type vndservice_contexts_file, file_type; type vndservice_contexts_file, file_type;
# /sys/kernel/tracing/instances/bootreceiver for monitoring kernel memory corruptions.
type debugfs_bootreceiver_tracing, fs_type, debugfs_type;
# Allow files to be created in their appropriate filesystems. # Allow files to be created in their appropriate filesystems.
allow fs_type self:filesystem associate; allow fs_type self:filesystem associate;
allow cgroup tmpfs:filesystem associate; allow cgroup tmpfs:filesystem associate;