From 2c3ef29ed56479016220a30f5a2402aea65cd052 Mon Sep 17 00:00:00 2001
From: Hridya Valsaraju
Date: Mon, 1 Feb 2021 10:25:05 -0800
Subject: [PATCH] Allow dumpsys to read total DMA-BUF heap pool size
These permissions are added to allow dumpsys to read /sys/kernel/dma_heap/total_pools_kb. Fixes the following sepolicy denials:
avc: denied { read } for name="total_pools_kb" dev="sysfs" ino=3252 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/kernel/dma_heap/total_pools_kb" dev="sysfs" ino=3252 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/kernel/dma_heap/total_pools_kb" dev="sysfs" ino=3252 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
Bug: 167709539
Test: dumpsys meminfo
Change-Id: I1c15b41b067da84a7b629cafe27972f30c86ae27
---
 private/compat/30.0/30.0.ignore.cil | 1 +
 private/genfs_contexts | 1 +
 private/system_server.te | 3 +++
 public/file.te | 1 +
 4 files changed, 6 insertions(+)
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index c6f834708..5ff5e5300 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -82,6 +82,7 @@
 soc_prop
 speech_recognition_service
 sysfs_devices_cs_etm
+ sysfs_dma_heap
 sysfs_dmabuf_stats
 sysfs_uhid
 system_server_dumper_service
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 960110fd6..05dc06fee 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -148,6 +148,7 @@ genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
 genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
 genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
 genfscon sysfs /kernel/memory_state_time u:object_r:sysfs_power:s0
+genfscon sysfs /kernel/dma_heap u:object_r:sysfs_dma_heap:s0
 genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0
 genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
 genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
diff --git a/private/system_server.te b/private/system_server.te
index 4eb2d38e5..de9576833 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -189,6 +189,9 @@ allow system_server debugfs_wakeup_sources:file r_file_perms;
 # Read /sys/kernel/ion/*.
 allow system_server sysfs_ion:file r_file_perms;
+# Read /sys/kernel/dma_heap/*.
+allow system_server sysfs_dma_heap:file r_file_perms;
+
 # The DhcpClient and WifiWatchdog use packet_sockets
 allow system_server self:packet_socket create_socket_perms_no_ioctl;
diff --git a/public/file.te b/public/file.te
index 0cf465c32..181979c7b 100644
--- a/public/file.te
+++ b/public/file.te
@@ -88,6 +88,7 @@ type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_devices_block, fs_type, sysfs_type;
 type sysfs_dm, fs_type, sysfs_type;
 type sysfs_dm_verity, fs_type, sysfs_type;
+type sysfs_dma_heap, fs_type, sysfs_type;
 type sysfs_dmabuf_stats, fs_type, sysfs_type;
 type sysfs_dt_firmware_android, fs_type, sysfs_type;
 type sysfs_extcon, fs_type, sysfs_type;
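Review bot: In the private/genfs_contexts hunk, the added `genfscon sysfs /kernel/dma_heap` entry labels the directory and everything beneath it, not only `total_pools_kb`, because genfscon matches by path prefix. Any node the kernel later adds under that directory will inherit `sysfs_dma_heap` and become readable by every domain granted the type. Traversal will also need `search` on `sysfs_dma_heap:dir`, which the quoted denials could not show because they were logged against the old `sysfs` label with permissive=1. If system_server does not already get directory search through the `sysfs_type` attribute elsewhere in the policy (not visible here), `dumpsys meminfo` should be re-run in enforcing mode after the relabel. If only the one file is meant to be exposed, the narrower entry would be `genfscon sysfs /kernel/dma_heap/total_pools_kb u:object_r:sysfs_dma_heap:s0`.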
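Review bot: In the private/system_server.te hunk, the new comment `# Read /sys/kernel/dma_heap/*.` does not say why system_server needs the access or which node it reads, while the commit message names only `total_pools_kb` for `dumpsys meminfo`. I would record that in the policy itself, for example `# Read /sys/kernel/dma_heap/total_pools_kb (DMA-BUF heap pool size for dumpsys meminfo).`, so a later audit can tell whether the grant is still needed. The rule mirrors the `sysfs_ion` rule directly above it and is limited to the `file` class with `r_file_perms`, so it stays read-only.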