From 6988677f22d4f983dee3a531dfc15337c99032c8 Mon Sep 17 00:00:00 2001
From: Suren Baghdasaryan
Date: Thu, 29 Jul 2021 14:29:47 -0700
Subject: [PATCH] Allow init to execute extra_free_kbytes.sh script

extra_free_kbytes.sh is used by init to set /sys/vm/watermark_scale_factor value. Allow init to execute extra_free_kbytes.sh and the script to access /proc/sys/vm/watermark_scale_factor and /proc/sys/vm/extra_free_kbytes files.

Bug: 109664768
Signed-off-by: Suren Baghdasaryan
Change-Id: I55ec07e12a1cc5322cfdd4a48d0bdc607f45d832
---
 private/compat/31.0/31.0.ignore.cil | 3 +++
 private/extra_free_kbytes.te | 3 +++
 private/file_contexts | 1 +
 private/genfs_contexts | 1 +
 public/extra_free_kbytes.te | 13 +++++++++++++
 public/file.te | 1 +
 6 files changed, 22 insertions(+)
 create mode 100644 private/extra_free_kbytes.te
 create mode 100644 public/extra_free_kbytes.te
diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index 34f37c2b6..8010071a5 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@@ -7,6 +7,8 @@
 ( new_objects
 artd_service
 camera2_extensions_prop
+ extra_free_kbytes
+ extra_free_kbytes_exec
 hal_contexthub_service
 hal_system_suspend_service
 hal_tv_tuner_service
@@ -17,6 +19,7 @@
 tare_service
 transformer_service
 proc_watermark_boost_factor
+ proc_watermark_scale_factor
 untrusted_app_30
 proc_vendor_sched
 sysfs_vendor_sched
diff --git a/private/extra_free_kbytes.te b/private/extra_free_kbytes.te
new file mode 100644
index 000000000..af3088b92
--- /dev/null
+++ b/private/extra_free_kbytes.te
@@ -0,0 +1,3 @@
+typeattribute extra_free_kbytes coredomain;
+
+init_daemon_domain(extra_free_kbytes)
diff --git a/private/file_contexts b/private/file_contexts
index a5dd5a649..5433726a9 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -222,6 +222,7 @@
 /system/bin/e2fsdroid u:object_r:e2fs_exec:s0
 /system/bin/mke2fs u:object_r:e2fs_exec:s0
 /system/bin/e2fsck -- u:object_r:fsck_exec:s0
+/system/bin/extra_free_kbytes\.sh u:object_r:extra_free_kbytes_exec:s0
 /system/bin/fsck\.exfat -- u:object_r:fsck_exec:s0
 /system/bin/fsck\.f2fs -- u:object_r:fsck_exec:s0
 /system/bin/init u:object_r:init_exec:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 906dee963..664a3b31a 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -87,6 +87,7 @@ genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
 genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
 genfscon proc /sys/vm/min_free_order_shift u:object_r:proc_min_free_order_shift:s0
 genfscon proc /sys/vm/watermark_boost_factor u:object_r:proc_watermark_boost_factor:s0
+genfscon proc /sys/vm/watermark_scale_factor u:object_r:proc_watermark_scale_factor:s0
 genfscon proc /timer_list u:object_r:proc_timer:s0
 genfscon proc /timer_stats u:object_r:proc_timer:s0
 genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
diff --git a/public/extra_free_kbytes.te b/public/extra_free_kbytes.te
new file mode 100644
index 000000000..ed0c9356f
--- /dev/null
+++ b/public/extra_free_kbytes.te
@@ -0,0 +1,13 @@
+# The extra_free_kbytes.sh script run by init.
+type extra_free_kbytes, domain;
+type extra_free_kbytes_exec, system_file_type, exec_type, file_type;
+
+# required permissions to run the script from init
+allow extra_free_kbytes shell_exec:file rx_file_perms;
+allow extra_free_kbytes system_file:file x_file_perms;
+allow extra_free_kbytes toolbox_exec:file rx_file_perms;
+
+# files used by the script
+allow extra_free_kbytes proc_extra_free_kbytes:file rw_file_perms;
+allow extra_free_kbytes proc_watermark_scale_factor:file rw_file_perms;
+allow extra_free_kbytes proc_zoneinfo:file r_file_perms;
diff --git a/public/file.te b/public/file.te
index def74af78..984b783ea 100644
--- a/public/file.te
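Review bot: The new `/system/bin/extra_free_kbytes\.sh` entry in private/file_contexts has no file-type specifier, while the neighbouring `e2fsck` and `fsck\.*` entries use `--` to limit the label to regular files. Because `extra_free_kbytes_exec` is the entrypoint type for the init transition set up by `init_daemon_domain(extra_free_kbytes)` in private/extra_free_kbytes.te, matching that form is a cheap tightening: `/system/bin/extra_free_kbytes\.sh -- u:object_r:extra_free_kbytes_exec:s0`. The file_contexts list continues outside the hunk.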
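Review bot: The `allow` rules for `extra_free_kbytes` sit in public/extra_free_kbytes.te, which exports them with the vendor-visible policy even though nothing in this patch shows non-platform policy needing the domain. The least-exposure layout keeps at most the two `type` declarations public and moves the `allow` lines next to `init_daemon_domain(extra_free_kbytes)` in private/extra_free_kbytes.te. Separately, `allow extra_free_kbytes system_file:file x_file_perms;` lets the domain execute any file labelled `system_file`, which the comment "required permissions to run the script from init" does not justify; a comment naming what the script actually runs under that label would let a later reader judge whether it can be narrowed. The two `rw_file_perms` grants on `proc_extra_free_kbytes` and `proc_watermark_scale_factor` could drop to `w_file_perms` if the script only writes those nodes, but the script body is not shown here, so that needs confirming.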
+++ b/public/file.te
@@ -77,6 +77,7 @@ type proc_uptime, fs_type, proc_type;
 type proc_version, fs_type, proc_type;
 type proc_vmallocinfo, fs_type, proc_type;
 type proc_vmstat, fs_type, proc_type;
+type proc_watermark_scale_factor, fs_type, proc_type;
 type proc_zoneinfo, fs_type, proc_type;
 type proc_vendor_sched, proc_type, fs_type;
 type selinuxfs, fs_type, mlstrustedobject;
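Review bot: `proc_watermark_scale_factor` is declared with the `proc_type` attribute and nothing in this patch pins which domains may write it, so any rule written elsewhere against `proc_type` would presumably cover it too. The node tunes kernel reclaim watermarks, so a `neverallow` beside the domain's rules would stop write access widening unnoticed, e.g. `neverallow { domain -init -extra_free_kbytes } proc_watermark_scale_factor:file no_w_file_perms;`. The exception set is a guess from the commit message and must be adjusted to the writers that really exist, which are not visible in this hunk. A one-line comment above the declaration saying that the type labels `/proc/sys/vm/watermark_scale_factor` would also help, since the genfs_contexts mapping lives in a different file.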