tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow global read access to /sys/kernel/mm/transparent_hugepage/ am: d6c5ff5f72

Browse source 
am: f59537cd15

Change-Id: Ib315da0e98e8e0137a7a3164f2b6e947b77c053d
This commit is contained in:
Tri Vo 2019-03-13 16:59:32 -07:00 committed by android-build-merger
commit fb81c6462b
5 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
private/compat/28.0/28.0.cil
View file

@ -1543,7 +1543,8 @@
( sysfs
sysfs_devices_block
sysfs_extcon
sysfs_loop))
sysfs_loop
sysfs_transparent_hugepage))
(typeattributeset sysfs_android_usb_28_0 (sysfs_android_usb))
(typeattributeset sysfs_batteryinfo_28_0 (sysfs_batteryinfo))
(typeattributeset sysfs_bluetooth_writable_28_0 (sysfs_bluetooth_writable))

1
private/genfs_contexts
View file

@ -133,6 +133,7 @@ genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
genfscon sysfs /kernel/memory_state_time u:object_r:sysfs_power:s0
genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0

1
private/isolated_app.te
View file

@ -127,6 +127,7 @@ neverallow isolated_app webview_zygote:sock_file write;
neverallow isolated_app {
sysfs_type
-sysfs_devices_system_cpu
-sysfs_transparent_hugepage
-sysfs_usb # TODO: check with audio team if needed for isolated_app (b/28417852)
}:file no_rw_file_perms;

5
public/domain.te
View file

@ -205,6 +205,11 @@ r_dir_file(domain, sysfs_devices_system_cpu)
r_dir_file(domain, sysfs_usb);
# If kernel CONFIG_TRANSPARENT_HUGEPAGE is enabled, libjemalloc5 (statically
# included by libc) reads /sys/kernel/mm/transparent_hugepage/enabled.
allow domain sysfs_transparent_hugepage:dir search;
allow domain sysfs_transparent_hugepage:file r_file_perms;
# files under /data.
not_full_treble(`
allow domain system_data_file:dir getattr;

1
public/file.te
View file

@ -92,6 +92,7 @@ type sysfs_net, fs_type, sysfs_type;
type sysfs_power, fs_type, sysfs_type;
type sysfs_rtc, fs_type, sysfs_type;
type sysfs_switch, fs_type, sysfs_type;
type sysfs_transparent_hugepage, fs_type, sysfs_type;
type sysfs_usb, fs_type, sysfs_type;
type sysfs_wakeup_reasons, fs_type, sysfs_type;
type sysfs_fs_ext4_features, sysfs_type, fs_type;