sepolicy: Grant system_server and init access to /proc/pressure/memory

System components need to be able to access the PSI memory pressure file.
Add the required permissions for system_server and init to access the
/proc/pressure/memory file.

Bug: 129476847
Test: system_server can read /proc/pressure/memory
Change-Id: I10ce4f4fe0e3618fa77539e93246d0aae933082c
Signed-off-by: Tim Murray <timmurray@google.com>
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Tim Murray 2019-02-14 09:26:46 -08:00 committed by Suren Baghdasaryan
parent 93b81f30ae
commit 251591fa04
2 changed files with 6 additions and 0 deletions


@ -1024,6 +1024,9 @@ allow system_server metadata_file:dir search;
allow system_server password_slot_metadata_file:dir rw_dir_perms; allow system_server password_slot_metadata_file:dir rw_dir_perms;
allow system_server password_slot_metadata_file:file create_file_perms; allow system_server password_slot_metadata_file:file create_file_perms;
# Read/Write /proc/pressure/memory
allow system_server proc_pressure_mem:file rw_file_perms;
# dexoptanalyzer is currently used only for secondary dex files which # dexoptanalyzer is currently used only for secondary dex files which
# system_server should never access. # system_server should never access.
neverallow system_server dexoptanalyzer_exec:file no_x_file_perms; neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;
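Review bot: The new rule `allow system_server proc_pressure_mem:file rw_file_perms;` grants write as well as read, while the commit's Test line only covers reading and the comment `# Read/Write /proc/pressure/memory` does not say what the write is for. If the write exists so that system_server can register PSI triggers (my reading, not stated on the page), the comment should say so, e.g. `# Read /proc/pressure/memory and write to it to register PSI triggers`; if only reading is needed, `r_file_perms` is the narrower grant. The rule also relies on `proc_pressure_mem` being declared and labelled elsewhere, which this commit does not show.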


@ -553,6 +553,9 @@ allow servicemanager init:binder transfer;
# Allow calls from init to apexd # Allow calls from init to apexd
allow init apexd:binder call; allow init apexd:binder call;
# Allow init to touch PSI monitors
allow init proc_pressure_mem:file { rw_file_perms setattr };
### ###
### neverallow rules ### neverallow rules
### ###
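Review bot: `allow init proc_pressure_mem:file { rw_file_perms setattr };` gives init read, write and setattr on the file, but the comment `# Allow init to touch PSI monitors` does not say which of these init actually uses. If init only adjusts the ownership or mode of /proc/pressure/memory so that other domains can open it (inferred, not shown here), `setattr` alone may be enough and `rw_file_perms` could be dropped; otherwise the comment should name the operation that needs write. With this commit two more domains hold write access to the file, so a `neverallow` in the section that follows, limiting write on `proc_pressure_mem:file` to the intended domains, would keep later grants from widening it unnoticed.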