tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow system server to access bpf fs

Browse source 
The permission to allow system_server to access sys/fs/bpf/ directory
is missing. Add it back so it can get the bpf maps from the bpf_fs.

Test: device boot and no more denial information of system_server try to
searcg in fs_bpf
      atest android.net.cts.TrafficStatsTest
Bug: 75285088

Change-Id: I1040cde6c038eccc4e91c69a10b20aa7a18b19f6
(cherry picked from aosp commit f83bbd17b2)
This commit is contained in:
Chenbo Feng 2018-03-23 16:01:10 -07:00
parent e55424941e
commit 88ef20aa71
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/system_server.te
View file

@ -756,6 +756,7 @@ with_asan(`
# allow system_server to read the eBPF maps that stores the traffic stats information amd clean up
# the map after snapshot is recorded
allow system_server fs_bpf:dir search;
allow system_server fs_bpf:file read;
allow system_server netd:bpf map_read;