tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[sepolicy] allow system server to read incfs metrics from sysfs

Browse source 
Address denial messages like:

05-05 05:02:21.480  1597  1597 W Binder:1597_12: type=1400 audit(0.0:140): avc: denied { read } for name="reads_delayed_min" dev="sysfs" ino=107358 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

BUG: 184844615
Test: atest android.cts.statsdatom.incremental.AppErrorAtomTests#testAppCrashOnIncremental
Change-Id: I201e27e48a08f99f41a030e06c6f22518294e056
This commit is contained in:
Songchun Fan 2021-05-04 22:40:23 -07:00
parent 6c03124c3c
commit 633f7ca868
4 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/compat/30.0/30.0.cil
View file

@ -2012,6 +2012,7 @@
(typeattributeset surfaceflinger_tmpfs_30_0 (surfaceflinger_tmpfs))
(typeattributeset swap_block_device_30_0 (swap_block_device))
(typeattributeset sysfs_30_0 (sysfs sysfs_fs_incfs_features))
(typeattributeset sysfs_30_0 (sysfs sysfs_fs_incfs_metrics))
(typeattributeset sysfs_android_usb_30_0 (sysfs_android_usb))
(typeattributeset sysfs_batteryinfo_30_0 (sysfs_batteryinfo))
(typeattributeset sysfs_bluetooth_writable_30_0 (sysfs_bluetooth_writable))

1
private/genfs_contexts
View file

@ -142,6 +142,7 @@ genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_fi
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
genfscon sysfs /fs/f2fs u:object_r:sysfs_fs_f2fs:s0
genfscon sysfs /fs/incremental-fs/features u:object_r:sysfs_fs_incfs_features:s0
genfscon sysfs /fs/incremental-fs/instances u:object_r:sysfs_fs_incfs_metrics:s0
genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
genfscon sysfs /power/state u:object_r:sysfs_power:s0
genfscon sysfs /power/suspend_stats u:object_r:sysfs_suspend_stats:s0

3
private/system_server.te
View file

@ -46,6 +46,9 @@ allowxperm system_server apk_data_file:file ioctl {
INCFS_IOCTL_GET_BLOCK_COUNT
};
# For Incremental Service to check incfs metrics
allow system_server sysfs_fs_incfs_metrics:file r_file_perms;
# For art.
allow system_server { apex_art_data_file dalvikcache_data_file }:dir r_dir_perms;
allow system_server { apex_art_data_file dalvikcache_data_file }:file r_file_perms;

1
public/file.te
View file

@ -115,6 +115,7 @@ type sysfs_wakeup_reasons, fs_type, sysfs_type;
type sysfs_fs_ext4_features, sysfs_type, fs_type;
type sysfs_fs_f2fs, sysfs_type, fs_type;
type sysfs_fs_incfs_features, sysfs_type, fs_type;
type sysfs_fs_incfs_metrics, sysfs_type, fs_type;
type fs_bpf, fs_type;
type fs_bpf_tethering, fs_type;
type configfs, fs_type;