From d60a38b02e9d44365399d1f97719f32cf4587a5c Mon Sep 17 00:00:00 2001
From: Kalesh Singh <kaleshsingh@google.com>
Date: Fri, 24 May 2024 11:37:23 -0700
Subject: [PATCH] microdroid: Add rules for
 /sys/kernel/mm/pgsize_migration/enabled

The dynamic linker needs to read this node to determine how it should
load ELF files. See page_size_migration_supported() [1]

Allow the node to be enabled/disabled by init.

[1] https://cs.android.com/android/platform/superproject/main/+/3d5e32517bbf56e9c69e3133a1b849b97cd6aa1d:bionic/linker/linker_phdr.cpp;l=709-721

Bug: 342520142
Bug: 330117029
Bug: 327600007
Bug: 330767927
Bug: 328266487
Bug: 329803029
Test: no avc deined in logcat
Change-Id: I91381e36943ea0387ff245e924ddab53a4928a05
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
---
 microdroid/system/private/domain.te      | 8 ++++++++
 microdroid/system/private/file.te        | 4 ++++
 microdroid/system/private/genfs_contexts | 1 +
 microdroid/system/private/init.te        | 1 +
 4 files changed, 14 insertions(+)

diff --git a/microdroid/system/private/domain.te b/microdroid/system/private/domain.te
index 118425a83..7361462de 100644
--- a/microdroid/system/private/domain.te
+++ b/microdroid/system/private/domain.te
@@ -200,6 +200,10 @@ allowxperm domain dev_type:blk_file ioctl { BLKGETSIZE64 BLKSSZGET };
 allow domain apex_mnt_dir:dir { getattr search };
 allow domain apex_mnt_dir:lnk_file r_file_perms;
 
+# Allow reading /sys/kernel/mm/pgsize_migration/enabled
+allow domain sysfs_pgsize_migration:dir search;
+allow domain sysfs_pgsize_migration:file r_file_perms;
+
 # globally readable properties
 get_prop(domain, arm64_memtag_prop)
 get_prop(domain, bootloader_prop)
@@ -545,3 +549,7 @@ neverallow domain encryptedstore_file:file no_x_file_perms;
 
 # Only crash_dump is allowed to access ptrace
 neverallow { domain -crash_dump } domain:process ptrace;
+
+# Only init is allowed to write sysfs_pgsize_migration;
+# ueventd needs write access to all sysfs files.
+neverallow { domain -init -vendor_init -ueventd } sysfs_pgsize_migration:file no_w_file_perms;
diff --git a/microdroid/system/private/file.te b/microdroid/system/private/file.te
index e250c3545..82a55645a 100644
--- a/microdroid/system/private/file.te
+++ b/microdroid/system/private/file.te
@@ -30,3 +30,7 @@ type perfetto_traces_data_file, file_type, data_file_type, core_data_file_type;
 
 # /data/misc/perfetto-configs for perfetto configs
 type perfetto_configs_data_file, file_type, data_file_type, core_data_file_type;
+
+
+# Type for /sys/kernel/mm/pgsize_migration/enabled
+type sysfs_pgsize_migration, fs_type, sysfs_type;
diff --git a/microdroid/system/private/genfs_contexts b/microdroid/system/private/genfs_contexts
index 13ce68515..8938ef2e7 100644
--- a/microdroid/system/private/genfs_contexts
+++ b/microdroid/system/private/genfs_contexts
@@ -159,6 +159,7 @@ genfscon sysfs /kernel/dma_heap u:object_r:sysfs_dma_heap:s0
 genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0
 genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
 genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
+genfscon sysfs /kernel/mm/pgsize_migration/enabled u:object_r:sysfs_pgsize_migration:s0
 genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
 genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
 genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0
diff --git a/microdroid/system/private/init.te b/microdroid/system/private/init.te
index 4441d125d..67af209e5 100644
--- a/microdroid/system/private/init.te
+++ b/microdroid/system/private/init.te
@@ -303,6 +303,7 @@ allow init {
   sysfs_power
   sysfs_fs_f2fs
   sysfs_dm
+  sysfs_pgsize_migration
 }:file w_file_perms;
 
 allow init {