Merge "Allow system server read binderfs stats" into main

private/compat/34.0/34.0.ignore.cil

@@ -20,4 +20,5 @@
     proc_memhealth
     virtual_device_native_service
     next_boot_prop
+    binderfs_logs_stats
   ))

private/genfs_contexts

@@ -392,6 +392,7 @@ genfscon binder /hwbinder u:object_r:hwbinder_device:s0
 genfscon binder /vndbinder u:object_r:vndbinder_device:s0
 genfscon binder /binder_logs u:object_r:binderfs_logs:s0
 genfscon binder /binder_logs/proc u:object_r:binderfs_logs_proc:s0
+genfscon binder /binder_logs/stats u:object_r:binderfs_logs_stats:s0
 genfscon binder /features u:object_r:binderfs_features:s0
 
 genfscon inotifyfs / u:object_r:inotify:s0

private/system_server.te

@@ -1539,3 +1539,7 @@ allow system_server system_font_fallback_file:file r_file_perms;
 
 # Allow system server to set dynamic ART properties.
 set_prop(system_server, dalvik_dynamic_config_prop)
+
+# Allow system server to read binderfs
+allow system_server binderfs_logs:dir r_dir_perms;
+allow system_server binderfs_logs_stats:file r_file_perms;

public/dumpstate.te

@@ -379,6 +379,7 @@ allow dumpstate snapshotctl_log_data_file:file r_file_perms;
 allow dumpstate binderfs_logs:dir r_dir_perms;
 allow dumpstate binderfs_logs:file r_file_perms;
 allow dumpstate binderfs_logs_proc:file r_file_perms;
+allow dumpstate binderfs_logs_stats:file r_file_perms;
 
 use_apex_info(dumpstate)
 

public/file.te

@@ -7,6 +7,7 @@ type proc, fs_type, proc_type;
 type binderfs, fs_type;
 type binderfs_logs, fs_type;
 type binderfs_logs_proc, fs_type;
+type binderfs_logs_stats, fs_type;
 type binderfs_features, fs_type;
 # Security-sensitive proc nodes that should not be writable to most.
 type proc_security, fs_type, proc_type;