Merge "microdroid: Add rules for /sys/kernel/mm/pgsize_migration/enabled" into main

2024-05-28 01:49:48 +00:00 · 2024-05-28 01:49:48 +00:00 · 0f6ddab01c
commit 0f6ddab01c
parent 74ea085cf1 d60a38b02e
4 changed files with 14 additions and 0 deletions
--- a/microdroid/system/private/domain.te
+++ b/microdroid/system/private/domain.te
@ -200,6 +200,10 @@ allowxperm domain dev_type:blk_file ioctl { BLKGETSIZE64 BLKSSZGET };
 allow domain apex_mnt_dir:dir { getattr search };
 allow domain apex_mnt_dir:lnk_file r_file_perms;

+# Allow reading /sys/kernel/mm/pgsize_migration/enabled
+allow domain sysfs_pgsize_migration:dir search;
+allow domain sysfs_pgsize_migration:file r_file_perms;
+
 # globally readable properties
 get_prop(domain, arm64_memtag_prop)
 get_prop(domain, bootloader_prop)
@ -545,3 +549,7 @@ neverallow domain encryptedstore_file:file no_x_file_perms;

 # Only crash_dump is allowed to access ptrace
 neverallow { domain -crash_dump } domain:process ptrace;
+
+# Only init is allowed to write sysfs_pgsize_migration;
+# ueventd needs write access to all sysfs files.
+neverallow { domain -init -vendor_init -ueventd } sysfs_pgsize_migration:file no_w_file_perms;
--- a/microdroid/system/private/file.te
+++ b/microdroid/system/private/file.te
@ -30,3 +30,7 @@ type perfetto_traces_data_file, file_type, data_file_type, core_data_file_type;

 # /data/misc/perfetto-configs for perfetto configs
 type perfetto_configs_data_file, file_type, data_file_type, core_data_file_type;
+
+
+# Type for /sys/kernel/mm/pgsize_migration/enabled
+type sysfs_pgsize_migration, fs_type, sysfs_type;
--- a/microdroid/system/private/genfs_contexts
+++ b/microdroid/system/private/genfs_contexts
@ -159,6 +159,7 @@ genfscon sysfs /kernel/dma_heap u:object_r:sysfs_dma_heap:s0
 genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0
 genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
 genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
+genfscon sysfs /kernel/mm/pgsize_migration/enabled u:object_r:sysfs_pgsize_migration:s0
 genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
 genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
 genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0
--- a/microdroid/system/private/init.te
+++ b/microdroid/system/private/init.te
@ -303,6 +303,7 @@ allow init {
  sysfs_power
  sysfs_fs_f2fs
  sysfs_dm
+  sysfs_pgsize_migration
 }:file w_file_perms;

 allow init {