Merge "Use kernel sys/fs/fuse/features/fuse_bpf flag to enable fuse_bpf"

2023-03-31 22:29:31 +00:00 · 2023-03-31 22:29:31 +00:00 · f784149627
commit f784149627
parent 326d35c04b 6b5da95419
5 changed files with 7 additions and 0 deletions
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@ -58,6 +58,7 @@
    servicemanager_prop
    shutdown_checkpoints_system_data_file
    stats_config_data_file
+    sysfs_fs_fuse_features
    system_net_netd_service
    timezone_metadata_prop
    traced_oome_heap_session_count_prop
--- a/private/domain.te
+++ b/private/domain.te
@ -56,6 +56,9 @@ can_profile_perf({
 # Everyone can access the IncFS list of features.
 r_dir_file(domain, sysfs_fs_incfs_features);

+# Everyone can access the fuse list of features.
+r_dir_file(domain, sysfs_fs_fuse_features);
+
 # Path resolution access in cgroups.
 allow domain cgroup:dir search;
 allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@ -150,6 +150,7 @@ genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_fi
 genfscon sysfs /fs/ext4/features                  u:object_r:sysfs_fs_ext4_features:s0
 genfscon sysfs /fs/f2fs                           u:object_r:sysfs_fs_f2fs:s0
 genfscon sysfs /fs/fuse/bpf_prog_type_fuse        u:object_r:sysfs_fs_fuse_bpf:s0
+genfscon sysfs /fs/fuse/features                  u:object_r:sysfs_fs_fuse_features:s0
 genfscon sysfs /fs/incremental-fs/features        u:object_r:sysfs_fs_incfs_features:s0
 genfscon sysfs /fs/incremental-fs/instances       u:object_r:sysfs_fs_incfs_metrics:s0
 genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
--- a/private/isolated_app_all.te
+++ b/private/isolated_app_all.te
@ -95,6 +95,7 @@ neverallow { isolated_app_all -isolated_compute_app } {
  -sysfs_devices_system_cpu
  -sysfs_transparent_hugepage
  -sysfs_usb # TODO: check with audio team if needed for isolated_apps (b/28417852)
+  -sysfs_fs_fuse_features
  -sysfs_fs_incfs_features
 }:file no_rw_file_perms;

--- a/public/file.te
+++ b/public/file.te
@ -123,6 +123,7 @@ type sysfs_wakeup_reasons, fs_type, sysfs_type;
 type sysfs_fs_ext4_features, sysfs_type, fs_type;
 type sysfs_fs_f2fs, sysfs_type, fs_type;
 type sysfs_fs_fuse_bpf, sysfs_type, fs_type;
+type sysfs_fs_fuse_features, sysfs_type, fs_type;
 type sysfs_fs_incfs_features, sysfs_type, fs_type;
 type sysfs_fs_incfs_metrics, sysfs_type, fs_type;
 type sysfs_vendor_sched, sysfs_type, fs_type;