New property to control Async I/O for snapuserd

io_uring_setup() system call requires ipc_lock. (avc: denied { ipc_lock } for comm="snapuserd" capability=14 scontext=u:r:snapuserd:s0 tcontext=u:r:snapuserd:s0 tclass=capability permissive=0) Add selinux policy. Bug: 202784286 Test: OTA tests Signed-off-by: Akilesh Kailash <akailash@google.com> Change-Id: I806714c7ade0a5d4821b061396c9f064ee5ed8b6
2022-01-05 04:21:44 +00:00 · 2022-01-05 04:21:44 +00:00 · 5c5fd255d2
commit 5c5fd255d2
parent b4cc3b36f4
2 changed files with 4 additions and 0 deletions
--- a/private/property_contexts
+++ b/private/property_contexts
@ -296,9 +296,11 @@ ro.virtual_ab.retrofit  u:object_r:virtual_ab_prop:s0 exact bool
 ro.virtual_ab.compression.enabled  u:object_r:virtual_ab_prop:s0 exact bool
 ro.virtual_ab.compression.xor.enabled   u:object_r:virtual_ab_prop:s0 exact bool
 ro.virtual_ab.userspace.snapshots.enabled u:object_r:virtual_ab_prop:s0 exact bool
+ro.virtual_ab.io_uring.enabled u:object_r:virtual_ab_prop:s0 exact bool
 snapuserd.ready         u:object_r:snapuserd_prop:s0 exact bool
 snapuserd.proxy_ready   u:object_r:snapuserd_prop:s0 exact bool
 snapuserd.test.dm.snapshots u:object_r:snapuserd_prop:s0 exact bool
+snapuserd.test.io_uring.force_disable u:object_r:snapuserd_prop:s0 exact bool

 ro.product.ab_ota_partitions u:object_r:ota_prop:s0 exact string
 # Property to set/clear the warm reset flag after an OTA update.
--- a/private/snapuserd.te
+++ b/private/snapuserd.te
@ -8,6 +8,8 @@ init_daemon_domain(snapuserd)

 allow snapuserd kmsg_device:chr_file rw_file_perms;

+allow snapuserd self:capability ipc_lock;
+
 # Allow snapuserd to reach block devices in /dev/block.
 allow snapuserd block_device:dir search;