From c50fecd8efca66e24aa9b42a53a7ddd2888157aa Mon Sep 17 00:00:00 2001 From: David Massoud Date: Fri, 16 Apr 2021 20:02:06 +0800 Subject: [PATCH] Allow traced_probes to read devfreq - Add dir read access to /sys/class/devfreq/ - Add file read access to /sys/class/devfreq/$DEVICE/cur_freq Resolves the following denials: W traced_probes: type=1400 audit(0.0:8): avc: denied { read } for name="devfreq" dev="sysfs" ino=28076 scontext=u:r:traced_probes:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0 W traced_probes: type=1400 audit(0.0:226): avc: denied { read } for name="cur_freq" dev="sysfs" ino=54729 scontext=u:r:traced_probes:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 See ag/14187061 for device specific sysfs_devfreq_cur labels Bug: 181850306 Test: ls -Z, record perfetto trace Change-Id: I23cebb16505313160e14b49e82e24da9b81cad70 --- private/compat/30.0/30.0.ignore.cil | 2 ++ private/traced_probes.te | 4 ++++ public/file.te | 2 ++ 3 files changed, 8 insertions(+) diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil index 3bf3a1302..89a8b3d33 100644 --- a/private/compat/30.0/30.0.ignore.cil +++ b/private/compat/30.0/30.0.ignore.cil @@ -114,6 +114,8 @@ snapuserd_socket soc_prop speech_recognition_service + sysfs_devfreq_cur + sysfs_devfreq_dir sysfs_devices_cs_etm sysfs_dma_heap sysfs_dmabuf_stats diff --git a/private/traced_probes.te b/private/traced_probes.te index da9c6356a..2c4ee9da9 100644 --- a/private/traced_probes.te +++ b/private/traced_probes.te @@ -82,6 +82,10 @@ allow traced_probes { proc_stat }:file r_file_perms; +# Allow access to read /sys/class/devfreq/ and /$DEVICE/cur_freq files +allow traced_probes sysfs_devfreq_dir:dir r_dir_perms; +allow traced_probes sysfs_devfreq_cur:file r_file_perms; + # Allow access to the IHealth and IPowerStats HAL service for tracing battery counters. hal_client_domain(traced_probes, hal_health) hal_client_domain(traced_probes, hal_power_stats) diff --git a/public/file.te b/public/file.te index 174a14997..c31bb9dd4 100644 --- a/public/file.te +++ b/public/file.te @@ -86,6 +86,8 @@ type sysfs_android_usb, fs_type, sysfs_type; type sysfs_uio, sysfs_type, fs_type; type sysfs_batteryinfo, fs_type, sysfs_type; type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject; +type sysfs_devfreq_cur, fs_type, sysfs_type; +type sysfs_devfreq_dir, fs_type, sysfs_type; type sysfs_devices_block, fs_type, sysfs_type; type sysfs_dm, fs_type, sysfs_type; type sysfs_dm_verity, fs_type, sysfs_type;