Merge "Relabel /proc/kpageflags and grant access to heapprofd."

am: 5a3d30eadf Change-Id: I136e5373fe8a759424527eec20e71e0fafc08e82
2019-05-20 18:34:21 -07:00 · 2019-05-20 18:34:21 -07:00 · dbfa941a66
commit dbfa941a66
parent e7411536d8 5a3d30eadf
4 changed files with 5 additions and 0 deletions
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@ -1379,6 +1379,7 @@
  ( proc
    proc_fs_verity
    proc_keys
+    proc_kpageflags
    proc_lowmemorykiller
    proc_pressure_cpu
    proc_pressure_io
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@ -33,6 +33,7 @@ genfscon proc /softirqs u:object_r:proc_timer:s0
 genfscon proc /stat u:object_r:proc_stat:s0
 genfscon proc /swaps u:object_r:proc_swaps:s0
 genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
 genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
 genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
 genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@ -50,6 +50,8 @@ userdebug_or_eng(`
  # Some dex files are not world-readable.
  # We are still constrained by the SELinux rules above.
  allow heapprofd self:global_capability_class_set dac_read_search;
+
+  allow heapprofd proc_kpageflags:file r_file_perms;
 ')

 # This is going to happen on user but is benign because central heapprofd
--- a/public/file.te
+++ b/public/file.te
@ -9,6 +9,7 @@ type proc_security, fs_type, proc_type;
 type proc_drop_caches, fs_type, proc_type;
 type proc_overcommit_memory, fs_type, proc_type;
 type proc_min_free_order_shift, fs_type, proc_type;
+type proc_kpageflags, fs_type, proc_type;
 # proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
 type usermodehelper, fs_type, proc_type;
 type sysfs_usermodehelper, fs_type, sysfs_type;