From 5c5fd255d2ab6363658a73ef62739ed1fd41ad0a Mon Sep 17 00:00:00 2001
From: Akilesh Kailash
Date: Wed, 5 Jan 2022 04:21:44 +0000
Subject: [PATCH] New property to control Async I/O for snapuserd

io_uring_setup() system call requires ipc_lock. (avc: denied { ipc_lock } for comm="snapuserd" capability=14 scontext=u:r:snapuserd:s0 tcontext=u:r:snapuserd:s0 tclass=capability permissive=0) Add selinux policy.
Bug: 202784286
Test: OTA tests
Signed-off-by: Akilesh Kailash
Change-Id: I806714c7ade0a5d4821b061396c9f064ee5ed8b6
---
 private/property_contexts | 2 ++
 private/snapuserd.te | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/private/property_contexts b/private/property_contexts
index 3650a44ec..5a9f0e8ff 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -296,9 +296,11 @@ ro.virtual_ab.retrofit u:object_r:virtual_ab_prop:s0 exact bool
 ro.virtual_ab.compression.enabled u:object_r:virtual_ab_prop:s0 exact bool
 ro.virtual_ab.compression.xor.enabled u:object_r:virtual_ab_prop:s0 exact bool
 ro.virtual_ab.userspace.snapshots.enabled u:object_r:virtual_ab_prop:s0 exact bool
+ro.virtual_ab.io_uring.enabled u:object_r:virtual_ab_prop:s0 exact bool
 snapuserd.ready u:object_r:snapuserd_prop:s0 exact bool
 snapuserd.proxy_ready u:object_r:snapuserd_prop:s0 exact bool
 snapuserd.test.dm.snapshots u:object_r:snapuserd_prop:s0 exact bool
+snapuserd.test.io_uring.force_disable u:object_r:snapuserd_prop:s0 exact bool
 ro.product.ab_ota_partitions u:object_r:ota_prop:s0 exact string
 # Property to set/clear the warm reset flag after an OTA update.
diff --git a/private/snapuserd.te b/private/snapuserd.te
index e3b43a13e..2e2c473ef 100644
--- a/private/snapuserd.te
+++ b/private/snapuserd.te
@@ -8,6 +8,8 @@ init_daemon_domain(snapuserd)
 allow snapuserd kmsg_device:chr_file rw_file_perms;
+allow snapuserd self:capability ipc_lock;
+
 # Allow snapuserd to reach block devices in /dev/block.
 allow snapuserd block_device:dir search;
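Review bot: `snapuserd.test.io_uring.force_disable` gets the same `snapuserd_prop` label as `snapuserd.ready` and `snapuserd.proxy_ready`, so any domain already allowed to set that type can presumably also switch snapuserd's I/O path. The set_prop rules are not part of this diff, so the set of writers should be confirmed. Neither new entry has a comment, while the `ota.warm_reset` block just below is introduced by one. I would add something like `# Async I/O (io_uring) control for snapuserd; the snapuserd.test.* override is for tests only.` above the first new line, with the wording confirmed by the author since the semantics are inferred from the names.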
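Review bot: The new `allow snapuserd self:capability ipc_lock;` in private/snapuserd.te has no explanatory comment, unlike the block_device rule right after it, and the reason for it exists only in the commit message. The grant is also unconditional: the domain holds the capability even on builds where `ro.virtual_ab.io_uring.enabled` is false. CAP_IPC_LOCK also permits memory locking beyond RLIMIT_MEMLOCK in general, not only the io_uring_setup() path. I would add `# io_uring_setup() checks CAP_IPC_LOCK for ring memory accounting (b/202784286).` above the rule. It is also worth confirming whether a raised memlock rlimit plus `dontaudit snapuserd self:capability ipc_lock;` would be enough on the target kernels.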