Merge "SELinux policy for rss_hwm_reset" am: 98c6b33088 am: 6ad9f07660

am: 0f05f12beb

Change-Id: I90e3dbd79aba47f50b7a938b1759ed68a44a4b2b
This commit is contained in:
Rafal Slawik 2018-12-17 04:52:18 -08:00 committed by android-build-merger
commit 3e45997d95
5 changed files with 20 additions and 0 deletions

View file

@ -65,6 +65,8 @@
overlayfs_file
recovery_socket
role_service
rss_hwm_reset
rss_hwm_reset_exec
runtime_service
sensor_privacy_service
super_block_device

View file

@ -251,6 +251,7 @@
/system/bin/usbd u:object_r:usbd_exec:s0
/system/bin/inputflinger u:object_r:inputflinger_exec:s0
/system/bin/logd u:object_r:logd_exec:s0
/system/bin/rss_hwm_reset u:object_r:rss_hwm_reset_exec:s0
/system/bin/perfetto u:object_r:perfetto_exec:s0
/system/bin/traced u:object_r:traced_exec:s0
/system/bin/traced_probes u:object_r:traced_probes_exec:s0

14
private/rss_hwm_reset.te Normal file
View file

@ -0,0 +1,14 @@
type rss_hwm_reset_exec, system_file_type, exec_type, file_type;
# Start rss_hwm_reset from init.
init_daemon_domain(rss_hwm_reset)
# Search /proc/pid directories.
allow rss_hwm_reset domain:dir search;
# Write to /proc/pid/clear_refs of other processes.
# /proc/pid/clear_refs is S_IWUSER, see: fs/proc/base.c
allow rss_hwm_reset self:global_capability_class_set { dac_override };
# Write to /prc/pid/clear_refs.
allow rss_hwm_reset domain:file w_file_perms;

View file

@ -1354,6 +1354,7 @@ define(`dac_override_allowed', `{
perfprofd
postinstall_dexopt
recovery
rss_hwm_reset
sdcardd
tee
ueventd

2
public/rss_hwm_reset.te Normal file
View file

@ -0,0 +1,2 @@
# rss_hwm_reset resets RSS high-water mark counters for all procesess.
type rss_hwm_reset, domain, coredomain, mlstrustedsubject;