tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Relabel /proc/kpageflags and grant access to heapprofd."

Browse source
This commit is contained in:
Treehugger Robot 2019-05-21 00:03:59 +00:00 committed by Gerrit Code Review
commit 5a3d30eadf
4 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/compat/28.0/28.0.cil
View file

@ -1379,6 +1379,7 @@
( proc ( proc
proc_fs_verity proc_fs_verity
proc_keys proc_keys
proc_kpageflags
proc_lowmemorykiller proc_lowmemorykiller
proc_pressure_cpu proc_pressure_cpu
proc_pressure_io proc_pressure_io

1
private/genfs_contexts
View file

@ -33,6 +33,7 @@ genfscon proc /softirqs u:object_r:proc_timer:s0
genfscon proc /stat u:object_r:proc_stat:s0 genfscon proc /stat u:object_r:proc_stat:s0
genfscon proc /swaps u:object_r:proc_swaps:s0 genfscon proc /swaps u:object_r:proc_swaps:s0
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0 genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0 genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0 genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0 genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0

2
private/heapprofd.te
View file

@ -50,6 +50,8 @@ userdebug_or_eng(`
# Some dex files are not world-readable. # Some dex files are not world-readable.
# We are still constrained by the SELinux rules above. # We are still constrained by the SELinux rules above.
allow heapprofd self:global_capability_class_set dac_read_search; allow heapprofd self:global_capability_class_set dac_read_search;
allow heapprofd proc_kpageflags:file r_file_perms;
') ')
# This is going to happen on user but is benign because central heapprofd # This is going to happen on user but is benign because central heapprofd

1
public/file.te
View file

@ -9,6 +9,7 @@ type proc_security, fs_type, proc_type;
type proc_drop_caches, fs_type, proc_type; type proc_drop_caches, fs_type, proc_type;
type proc_overcommit_memory, fs_type, proc_type; type proc_overcommit_memory, fs_type, proc_type;
type proc_min_free_order_shift, fs_type, proc_type; type proc_min_free_order_shift, fs_type, proc_type;
type proc_kpageflags, fs_type, proc_type;
# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers. # proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
type usermodehelper, fs_type, proc_type; type usermodehelper, fs_type, proc_type;
type sysfs_usermodehelper, fs_type, sysfs_type; type sysfs_usermodehelper, fs_type, sysfs_type;