MM: create GKI version of sepolicy
Bug: 190571517
Bug: 189938926
Bug: 190732106
Signed-off-by: Martin Liu <liumartin@google.com>
Change-Id: Id5c39f45b0dd88e4c7c972fa60f416c715d6f34d
Merged-In: Id5c39f45b0dd88e4c7c972fa60f416c715d6f34d
diff --git a/mm/gki/init-mm-logging.sh.te b/mm/gki/init-mm-logging.sh.te
new file mode 100644
index 0000000..ae05e7b
--- /dev/null
+++ b/mm/gki/init-mm-logging.sh.te
@@ -0,0 +1,19 @@
+type init-mm-logging-sh, domain;
+type init-mm-logging-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-mm-logging-sh)
+
+dontaudit init-mm-logging-sh { domain -kernel }:{ file dir } *;
+dontaudit init-mm-logging-sh self:capability sys_ptrace;
+
+userdebug_or_eng(`
+ allow init-mm-logging-sh vendor_toolbox_exec:file rx_file_perms;
+ allow init-mm-logging-sh proc_vmstat:file r_file_perms;
+ allow init-mm-logging-sh mm_logd_vendor_data_file:dir create_dir_perms;
+ allow init-mm-logging-sh mm_logd_vendor_data_file:file create_file_perms;
+ # Allow /proc/<pid>/stat
+ allow init-mm-logging-sh kernel:dir r_dir_perms;
+ allow init-mm-logging-sh kernel:file r_file_perms;
+ allow init-mm-logging-sh proc_stat:file r_file_perms;
+')
+
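Review bot: The `dontaudit` on `{ domain -kernel }:{ file dir } *` suppresses audit records for every permission, not only the reads a /proc walk produces. It also sits outside `userdebug_or_eng`, so it is active on user builds, where this domain has no allow rules at all. If the script only reads /proc/<pid> entries, as the `# Allow /proc/<pid>/stat` comment suggests, narrow it to `dontaudit init-mm-logging-sh { domain -kernel }:dir r_dir_perms;` and `dontaudit init-mm-logging-sh { domain -kernel }:file r_file_perms;` so that an unexpected write or setattr attempt from this domain still reaches the audit log. A short comment above the two dontaudit rules would also help, for example `# /proc scan touches every domain; only kernel threads are needed.`; that intent is inferred from the allow rules and should be confirmed against the script.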