Merge "sepolicy: Allow creating synthetic trace events"

2021-11-09 14:26:19 +00:00 · 2021-11-09 14:26:19 +00:00 · 9e6dcd74fc
commit 9e6dcd74fc
parent 0185fc6e12 fab8e1c1cc
2 changed files with 11 additions and 0 deletions
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@ -229,6 +229,12 @@ genfscon tracefs /events/ext4/ext4_sync_file_exit/           u:object_r:debugfs_
 genfscon tracefs /events/block/block_rq_issue/               u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/block/block_rq_complete/            u:object_r:debugfs_tracing:s0

+genfscon tracefs /synthetic_events                                       u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/synthetic/rss_stat_throttled                    u:object_r:debugfs_tracing:s0
+
+genfscon debugfs /tracing/synthetic_events                               u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/synthetic/rss_stat_throttled            u:object_r:debugfs_tracing:s0
+
 genfscon tracefs /trace_clock                                            u:object_r:debugfs_tracing:s0
 genfscon tracefs /buffer_size_kb                                         u:object_r:debugfs_tracing:s0
 genfscon tracefs /options/overwrite                                      u:object_r:debugfs_tracing:s0
--- a/private/init.te
+++ b/private/init.te
@ -106,6 +106,11 @@ neverallow { domain -init } keystore_listen_prop:property_service set;
 # Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing.
 allow init debugfs_bootreceiver_tracing:file w_file_perms;

+# Devices with kernels where CONFIG_HIST_TRIGGERS isn't enabled will
+# attempt to write a non exisiting 'synthetic_events' file, when setting
+# up synthetic events. This is a no-op in tracefs.
+dontaudit init debugfs_tracing_debug:dir { write add_name };
+
 # chown/chmod on devices.
 allow init {
  dev_type