tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Sepolicy for mm events trace instance"

Browse source
This commit is contained in:
Kalesh Singh 2021-01-26 14:33:39 +00:00 committed by Gerrit Code Review
commit d37f2e9d65
4 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/compat/30.0/30.0.ignore.cil
View file

@ -17,6 +17,7 @@
cgroup_v2
ctl_snapuserd_prop
debugfs_kprobes
debugfs_mm_events_tracing
device_config_profcollect_native_boot_prop
device_state_service
dm_user_device

2
private/genfs_contexts
View file

@ -174,6 +174,8 @@ genfscon tracefs /per_cpu/cpu u:object_r:debugfs_tracing
genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0
genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0
genfscon debugfs /tracing/instances/mm_events u:object_r:debugfs_mm_events_tracing:s0
genfscon tracefs /instances/mm_events u:object_r:debugfs_mm_events_tracing:s0
genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0
genfscon tracefs /instances/wifi u:object_r:debugfs_wifi_tracing:s0
genfscon debugfs /tracing/trace_marker u:object_r:debugfs_trace_marker:s0

6
private/traced_probes.te
View file

@ -16,6 +16,11 @@ allow traced_probes debugfs_tracing:file rw_file_perms;
allow traced_probes debugfs_trace_marker:file getattr;
allow traced_probes debugfs_tracing_printk_formats:file r_file_perms;
# Allow traced_probes to access mm_events trace instance
allow traced_probes debugfs_tracing_instances:dir search;
allow traced_probes debugfs_mm_events_tracing:dir search;
allow traced_probes debugfs_mm_events_tracing:file rw_file_perms;
# TODO(primiano): temporarily I/O tracing categories are still
# userdebug only until we nail down the denylist/allowlist.
userdebug_or_eng(`
@ -137,3 +142,4 @@ neverallow traced_probes {
# Only init is allowed to enter the traced_probes domain via exec()
neverallow { domain -init } traced_probes:process transition;
neverallow * traced_probes:process dyntransition;

1
public/file.te
View file

@ -138,6 +138,7 @@ type exfat, sdcard_type, fs_type, mlstrustedobject;
type debugfs, fs_type, debugfs_type;
type debugfs_kprobes, fs_type, debugfs_type;
type debugfs_mmc, fs_type, debugfs_type;
type debugfs_mm_events_tracing, fs_type, debugfs_type;
type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject;
type debugfs_tracing_debug, fs_type, debugfs_type, mlstrustedobject;