Commit graph

8 commits

Author SHA1 Message Date
Yan Wang
a9df37fff2 selinux: Allow system_server to access files in iorapd dir.
Bug: 158007508
Test: make and see if system server could access iorapd dir.
Change-Id: I4cff9b4154d7e633d8437de84c51ac1ca334cbcf
2020-06-09 00:19:41 +00:00
Yan Wang
9ef72aae58 sepolicy: Allow iorapd process to send signal to prefetch and
inode2filename process.

Bug: 157282668
Test: Check no avc: denied in logcat.
Change-Id: I298cea931c8d6f178bc0195bfced0e8efc51fcad
2020-06-01 20:05:30 +00:00
Igor Murashkin
cb8a889b64 iorapd: Allow dumpstate (bugreport) to dump iorapd
Bug: 152616197
Test: adb bugreport
Change-Id: I36e3b6d847341ddd84792ccc3f2c2c620e1c3f7b
2020-03-27 13:15:12 -07:00
Yan Wang
67e8fcc902 Using macro "rx_file_perms" instead of "execute_no_trans".
Bug: 147320338
Test: Run the maintenance and check if the compiled is executed.
2020-01-09 13:23:01 -08:00
Yan Wang
7d844ee436 Add Selinux rule to allow iorapd to execute compiler.
Bug: 147320338
Test: Run the maintenance and check if the compiled is executed.
Change-Id: Idbd193483a106969a8a421150101efa00aee460d
2020-01-09 12:43:18 -08:00
Jeff Vander Stoep
6742ab4e4e iorapd: add tmpfs type
Fixes build breakage:
system/sepolicy/private/traced.te:36:ERROR 'unknown type iorapd_tmpfs' at token ';' on line 43166:

Bug: 123445058
Test: build marlin-userdebug
Change-Id: Iefeba03ed2efee92fb0d61214514338c6d999bd1
(cherry picked from commit 426ff11951)
2019-01-26 12:55:13 -08:00
Primiano Tucci
79d1dbbc05 Allow iorapd to access perfetto
This requires moving the type declaration of
perfetto traced to public, because iorapd
needs to refer to it.

Denials without this CL:
https://pastebin.com/raw/sxHMeLEU

Bug: 72170747
Test: 1. runcon u:r:iorapd:s0 iorap.cmd.perfetto \
          -v --output-proto /data/misc/iorapd/test
      2. Check that no selinux denials other than
         avc: denied { entrypoint } for path="/system/bin/iorap.cmd.perfetto" dev="sda6" ino=21 scontext=u:r:iorapd:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
         show up (this is a side-effect of runcon).

Change-Id: Iacd1ab201fe9fb2a6302dbd528f42f709cbca054
2019-01-23 22:43:47 +00:00
Igor Murashkin
72a88b194c iorapd: Add new binder service iorapd.
This daemon is very locked down. Only system_server can access it.

Bug: 72170747
Change-Id: I7b72b9191cb192be96001d84d067c28292c9688f
2018-10-08 15:00:34 -07:00