tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Allow system_server to write to bpf maps" am: b761636b9d am: ac0b2ee2fd

Browse source 
am: 096a2d3018

Change-Id: I2de8c56981abdc3795b03e6588cbc60a28db37c0
This commit is contained in:
Chenbo Feng 2019-01-24 11:58:10 -08:00 committed by android-build-merger
commit 6e6b8b5fa9
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
private/system_server.te
View file

@ -847,11 +847,15 @@ with_asan(`
allow system_server zygote_exec:file rx_file_perms;
')
# allow system_server to read the eBPF maps that stores the traffic stats information amd clean up
# allow system_server to read the eBPF maps that stores the traffic stats information and update
# the map after snapshot is recorded
allow system_server fs_bpf:dir search;
allow system_server fs_bpf:file read;
allow system_server bpfloader:bpf map_read;
allow system_server fs_bpf:file { read write };
allow system_server bpfloader:bpf { map_read map_write };
# in order to invoke side effect of close() on such a socket calling synchronize_rcu()
# TODO: Remove this permission when 4.9 kernel is deprecated.
allow system_server self:key_socket create;
# ART Profiles.
# Allow system_server to open profile snapshots for read.