pixelstats: allow to access /proc/vmstat, sysfs ion and dma_heap
1. allow to access /sys/kernel/dma_heap for userdebug_or_eng
2. change the access to /proc/vmstat and /sys/kernel/ion/
for userdebug_or_eng
[ 35.559846] type=1400 audit(1616377125.092:909): avc: denied { search } for comm="pixelstats-vend" name="dma_heap" dev="sysfs" ino=27055 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_dma_heap:s0 tclass=dir permissive=1
[ 35.560046] type=1400 audit(1616377125.092:910): avc: denied { read } for comm="pixelstats-vend" name="total_pools_kb" dev="sysfs" ino=27056 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_dma_heap:s0 tclass=file permissive=1
[ 35.560167] type=1400 audit(1616377125.092:911): avc: denied { open } for comm="pixelstats-vend" path="/sys/kernel/dma_heap/total_pools_kb" dev="sysfs" ino=27056 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_dma_heap:s0 tclass=file permissive=1
[ 35.560244] type=1400 audit(1616377125.092:912): avc: denied { getattr } for comm="pixelstats-vend" path="/sys/kernel/dma_heap/total_pools_kb" dev="sysfs" ino=27056 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:sysfs_dma_heap:s0 tclass=file permissive=1
Bug: 173101018
Bug: 183338421
Test: no avc denied log when pixelstats reads the file nodes.
Signed-off-by: Chiawei Wang <chiaweiwang@google.com>
Change-Id: I57f15671cf8611d244030cabb686368a57be28e0
1 file changed