Allow init to execute extra_free_kbytes.sh script

extra_free_kbytes.sh is used by init to set /sys/vm/watermark_scale_factor value. Allow init to execute extra_free_kbytes.sh and the script to access /proc/sys/vm/watermark_scale_factor and /proc/sys/vm/extra_free_kbytes files. Bug: 109664768 Signed-off-by: Suren Baghdasaryan <surenb@google.com> Change-Id: I55ec07e12a1cc5322cfdd4a48d0bdc607f45d832
2021-07-29 14:29:47 -07:00 · 2021-07-29 14:29:47 -07:00 · 6988677f22
commit 6988677f22
parent 16c9c6a557
6 changed files with 22 additions and 0 deletions
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@ -7,6 +7,8 @@
  ( new_objects
    artd_service
    camera2_extensions_prop
+    extra_free_kbytes
+    extra_free_kbytes_exec
    hal_contexthub_service
    hal_system_suspend_service
    hal_tv_tuner_service
@ -17,6 +19,7 @@
    tare_service
    transformer_service
    proc_watermark_boost_factor
+    proc_watermark_scale_factor
    untrusted_app_30
    proc_vendor_sched
    sysfs_vendor_sched
--- a/private/extra_free_kbytes.te
+++ b/private/extra_free_kbytes.te
@ -0,0 +1,3 @@
+typeattribute extra_free_kbytes coredomain;
+
+init_daemon_domain(extra_free_kbytes)
--- a/private/file_contexts
+++ b/private/file_contexts
@ -222,6 +222,7 @@
 /system/bin/e2fsdroid		u:object_r:e2fs_exec:s0
 /system/bin/mke2fs		u:object_r:e2fs_exec:s0
 /system/bin/e2fsck	--	u:object_r:fsck_exec:s0
+/system/bin/extra_free_kbytes\.sh u:object_r:extra_free_kbytes_exec:s0
 /system/bin/fsck\.exfat	--	u:object_r:fsck_exec:s0
 /system/bin/fsck\.f2fs	--	u:object_r:fsck_exec:s0
 /system/bin/init		u:object_r:init_exec:s0
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@ -87,6 +87,7 @@ genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
 genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
 genfscon proc /sys/vm/min_free_order_shift u:object_r:proc_min_free_order_shift:s0
 genfscon proc /sys/vm/watermark_boost_factor u:object_r:proc_watermark_boost_factor:s0
+genfscon proc /sys/vm/watermark_scale_factor u:object_r:proc_watermark_scale_factor:s0
 genfscon proc /timer_list u:object_r:proc_timer:s0
 genfscon proc /timer_stats u:object_r:proc_timer:s0
 genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
--- a/public/extra_free_kbytes.te
+++ b/public/extra_free_kbytes.te
@ -0,0 +1,13 @@
+# The extra_free_kbytes.sh script run by init.
+type extra_free_kbytes, domain;
+type extra_free_kbytes_exec, system_file_type, exec_type, file_type;
+
+# required permissions to run the script from init
+allow extra_free_kbytes shell_exec:file rx_file_perms;
+allow extra_free_kbytes system_file:file x_file_perms;
+allow extra_free_kbytes toolbox_exec:file rx_file_perms;
+
+# files used by the script
+allow extra_free_kbytes proc_extra_free_kbytes:file rw_file_perms;
+allow extra_free_kbytes proc_watermark_scale_factor:file rw_file_perms;
+allow extra_free_kbytes proc_zoneinfo:file r_file_perms;
--- a/public/file.te
+++ b/public/file.te
@ -77,6 +77,7 @@ type proc_uptime, fs_type, proc_type;
 type proc_version, fs_type, proc_type;
 type proc_vmallocinfo, fs_type, proc_type;
 type proc_vmstat, fs_type, proc_type;
+type proc_watermark_scale_factor, fs_type, proc_type;
 type proc_zoneinfo, fs_type, proc_type;
 type proc_vendor_sched, proc_type, fs_type;
 type selinuxfs, fs_type, mlstrustedobject;