From 8c6552acfba677442d565a0c7f8e44f5f2af57f2 Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Wed, 25 Jun 2014 09:23:57 -0700
Subject: [PATCH] Allow system_server to read all /proc files

system_server scans through /proc to keep track of process memory and CPU usage. It needs to do this for all processes, not just appdomain processes, to properly account for CPU and memory usage. Allow it.

Addresses the following errors which have been showing up in logcat:
W/ProcessCpuTracker(12159): Skipping unknown process pid 1
W/ProcessCpuTracker(12159): Skipping unknown process pid 2
W/ProcessCpuTracker(12159): Skipping unknown process pid 3

Bug: 15862412
Change-Id: I0a75314824404e060c6914c06a371f2ff2e80512
---
 system_server.te | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/system_server.te b/system_server.te
index 619e5f906..726ea8c0e 100644
--- a/system_server.te
+++ b/system_server.te
@@ -77,19 +77,14 @@ allow system_server appdomain:process { sigkill signal };
 allow system_server appdomain:process { getsched setsched };
 allow system_server mediaserver:process { getsched setsched };
-# Read /proc/pid data for apps.
-r_dir_file(system_server, appdomain)
+# Read /proc/pid data for all domains. This is used by ProcessCpuTracker
+# within system_server to keep track of memory and CPU usage for
+# all processes on the device.
+r_dir_file(system_server, domain)
 # Write to /proc/pid/oom_adj_score for apps.
 allow system_server appdomain:file write;
-# Silently deny access to any /proc/pid files other than
-# the ones allowed via allow rule. Avoids filling the logs
-# with noise from /proc/pid traversals by ActivityManager,
-# CpuTracker, and possibly other system_server components.
-dontaudit system_server domain:dir r_dir_perms;
-dontaudit system_server domain:{ file lnk_file } r_file_perms;
 # Read/Write to /proc/net/xt_qtaguid/ctrl and and /dev/xt_qtaguid.
 allow system_server qtaguid_proc:file rw_file_perms;
 allow system_server qtaguid_device:chr_file rw_file_perms;
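Review bot: `r_dir_file(system_server, domain)` grants system_server read on the dir, file and lnk_file classes of every domain, and since all entries under /proc/pid share the owning process's label, that covers far more than the CPU and memory accounting files the new comment mentions. On kernels where SELinux evaluates read-mode ptrace access checks as `file read` against the target domain, this rule may also open the SELinux side of the gate on sensitive per-process entries for non-app processes (DAC and capability checks would still apply); that is inferred, not visible in this hunk, and worth confirming. I would extend the comment to record the breadth, e.g. `# Grants read on every /proc/pid entry of every domain; write remains limited to appdomain below.` Removing the two dontaudit rules also means any remaining denials on domain:dir/file/lnk_file will be logged again, so a logcat check after the change would confirm nothing else was being masked.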