tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

zygote: Add setattr permission to cgroup

Browse source 
Credit to Himanshu Agrawal <quic_hagraw@quicinc.com> for this fix.

Like we do with cgroup_v2, we set attribute permission to cgroup
as well.

Test: On a Go device, which uses cgroup instead of cgroup_v2
Bug: 211037424
Change-Id: I5d58c9f549d205f1a8bdce6c5fba1cc833f2b492
Merged-In: I5d58c9f549d205f1a8bdce6c5fba1cc833f2b492
This commit is contained in:
Greg Kaiser 2021-12-16 14:14:29 -08:00
parent df750bb105
commit ed71842c6d
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
prebuilts/api/32.0/private/zygote.te
View file

@ -112,7 +112,7 @@ r_dir_file(zygote, vendor_overlay_file)
# Control cgroups.
allow zygote cgroup:dir create_dir_perms;
allow zygote cgroup:{ file lnk_file } r_file_perms;
allow zygote cgroup:{ file lnk_file } { r_file_perms setattr };
allow zygote cgroup_v2:dir create_dir_perms;
allow zygote cgroup_v2:{ file lnk_file } { r_file_perms setattr };
allow zygote self:global_capability_class_set sys_admin;

2
private/zygote.te
View file

@ -112,7 +112,7 @@ r_dir_file(zygote, vendor_overlay_file)
# Control cgroups.
allow zygote cgroup:dir create_dir_perms;
allow zygote cgroup:{ file lnk_file } r_file_perms;
allow zygote cgroup:{ file lnk_file } { r_file_perms setattr };
allow zygote cgroup_v2:dir create_dir_perms;
allow zygote cgroup_v2:{ file lnk_file } { r_file_perms setattr };
allow zygote self:global_capability_class_set sys_admin;