Merge "Revert "Update uprobestats SELinux policy"" into main
This commit is contained in:
commit
675247f370
9 changed files with 2 additions and 43 deletions
|
@ -9,5 +9,4 @@
|
|||
/bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0
|
||||
/bin/odrefresh u:object_r:odrefresh_exec:s0
|
||||
/bin/profman u:object_r:profman_exec:s0
|
||||
/bin/oatdump u:object_r:oatdump_exec:s0
|
||||
/lib(64)?(/.*)? u:object_r:system_lib_file:s0
|
||||
|
|
|
@ -1269,5 +1269,3 @@
|
|||
/product/bin/otapreopt_script postinstall_exec
|
||||
/system/bin/otapreopt postinstall_dexopt_exec
|
||||
/product/bin/otapreopt postinstall_dexopt_exec
|
||||
/data/misc/uprobestats-configs uprobestats_configs_data_file
|
||||
/data/misc/uprobestats-configs/test uprobestats_configs_data_file
|
||||
|
|
|
@ -28,12 +28,6 @@ type perfetto_traces_bugreport_data_file, file_type, data_file_type, core_data_f
|
|||
# /data/misc/perfetto-configs for perfetto configs
|
||||
type perfetto_configs_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
||||
# /data/misc/uprobestats-configs for uprobestats configs
|
||||
type uprobestats_configs_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
||||
# /apex/com.android.art/bin/oatdump
|
||||
type oatdump_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# /data/misc_{ce/de}/<user>/sdksandbox root data directory for sdk sandbox processes
|
||||
type sdk_sandbox_system_data_file, file_type, data_file_type, core_data_file_type;
|
||||
# /data/misc_{ce/de}/<user>/sdksandbox/<app-name>/* subdirectory for sdk sandbox processes
|
||||
|
|
|
@ -663,7 +663,6 @@
|
|||
/data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0
|
||||
/data/misc/perfetto-traces/bugreport(.*)? u:object_r:perfetto_traces_bugreport_data_file:s0
|
||||
/data/misc/perfetto-configs(/.*)? u:object_r:perfetto_configs_data_file:s0
|
||||
/data/misc/uprobestats-configs(/.*)? u:object_r:uprobestats_configs_data_file:s0
|
||||
/data/misc/prereboot(/.*)? u:object_r:prereboot_data_file:s0
|
||||
/data/misc/profcollectd(/.*)? u:object_r:profcollectd_data_file:s0
|
||||
/data/misc/radio(/.*)? u:object_r:radio_core_data_file:s0
|
||||
|
|
|
@ -45,7 +45,6 @@ system_internal_prop(snapuserd_prop)
|
|||
system_internal_prop(system_adbd_prop)
|
||||
system_internal_prop(timezone_metadata_prop)
|
||||
system_internal_prop(traced_perf_enabled_prop)
|
||||
system_internal_prop(uprobestats_start_with_config_prop)
|
||||
system_internal_prop(tuner_server_ctl_prop)
|
||||
system_internal_prop(userspace_reboot_log_prop)
|
||||
system_internal_prop(userspace_reboot_test_prop)
|
||||
|
|
|
@ -87,7 +87,6 @@ persist.traced.enable u:object_r:traced_enabled_prop:s0
|
|||
traced.lazy. u:object_r:traced_lazy_prop:s0
|
||||
persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0
|
||||
persist.traced_perf.enable u:object_r:traced_perf_enabled_prop:s0
|
||||
uprobestats.start_with_config u:object_r:uprobestats_start_with_config_prop:s0
|
||||
persist.vendor.debug.wifi. u:object_r:persist_vendor_debug_wifi_prop:s0
|
||||
persist.vendor.overlay. u:object_r:overlay_prop:s0
|
||||
ril.cdma.inecmmode u:object_r:radio_cdma_ecm_prop:s0 exact bool
|
||||
|
|
|
@ -28,10 +28,3 @@ binder_call(statsd, surfaceflinger);
|
|||
# Allow statsd to read its system properties
|
||||
get_prop(statsd, device_config_statsd_native_prop)
|
||||
get_prop(statsd, device_config_statsd_native_boot_prop)
|
||||
|
||||
# Allow statsd to write uprobestats configs.
|
||||
allow statsd uprobestats_configs_data_file:dir rw_dir_perms;
|
||||
allow statsd uprobestats_configs_data_file:file create_file_perms;
|
||||
|
||||
# Allow statsd to trigger uprobestats via property.
|
||||
set_prop(statsd, uprobestats_start_with_config_prop);
|
||||
|
|
|
@ -302,7 +302,6 @@ binder_call(system_server, virtual_camera)
|
|||
binder_call(system_server, vold)
|
||||
binder_call(system_server, logd)
|
||||
binder_call(system_server, wificond)
|
||||
binder_call(system_server, uprobestats)
|
||||
binder_service(system_server)
|
||||
|
||||
# Use HALs
|
||||
|
|
|
@ -4,8 +4,8 @@ typeattribute uprobestats bpfdomain;
|
|||
|
||||
type uprobestats_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# Allow init to start uprobestats.
|
||||
init_daemon_domain(uprobestats)
|
||||
# Allow uprobestats to be invoked by statsd.
|
||||
domain_auto_trans(statsd, uprobestats_exec, uprobestats)
|
||||
|
||||
allow uprobestats fs_bpf_uprobe_private:file { read write };
|
||||
allow uprobestats fs_bpf_uprobe_private:dir search;
|
||||
|
@ -14,24 +14,3 @@ allow uprobestats self:capability2 perfmon;
|
|||
allow uprobestats self:perf_event { cpu open write };
|
||||
allow uprobestats sysfs_uprobe:file { open read };
|
||||
allow uprobestats sysfs_uprobe:dir { search };
|
||||
|
||||
# Allow uprobestats to popen oatdump.
|
||||
allow uprobestats oatdump_exec:file rx_file_perms;
|
||||
|
||||
# Allow uprobestats to write atoms to statsd
|
||||
unix_socket_send(uprobestats, statsdw, statsd)
|
||||
|
||||
# For registration with system server as a process observer.
|
||||
binder_use(uprobestats)
|
||||
allow uprobestats activity_service:service_manager find;
|
||||
binder_call(uprobestats, system_server);
|
||||
|
||||
# Allow uprobestats to talk to native package manager
|
||||
allow uprobestats package_native_service:service_manager find;
|
||||
|
||||
# Allow uprobestats to scan /proc/<pid>/cmdline.
|
||||
r_dir_file(uprobestats, { domain -appdomain })
|
||||
|
||||
# Allow uprobestats to manage its own config files.
|
||||
allow uprobestats uprobestats_configs_data_file:dir rw_dir_perms;
|
||||
allow uprobestats uprobestats_configs_data_file:file { r_file_perms unlink };
|
||||
|
|
Loading…
Reference in a new issue