Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 0001dee765cf33c84139fc3274092ab197dc83a7^! / .
commit0001dee765cf33c84139fc3274092ab197dc83a7[log] [tgz]
authorHridya Valsaraju <hridya@google.com>Wed Feb 10 11:19:29 2021 -0800
committerHridya Valsaraju <hridya@google.com>Thu Feb 11 10:04:26 2021 -0800
tree0227a8671c50fc74d75c719c56d2e751564d60a7
parent7b3ae030264f77f63e8cdcc1dc6b8b138f2d0ca6 [diff]
Allow dumpsys meminfo to print out DMA-BUF statistics

These permissions fix the following denials:

avc: denied { read } for name="buffers" dev="sysfs" ino=3267
scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_dmabuf_stats:s0
tclass=dir permissive=1
avc: denied { open } for path="/sys/kernel/dmabuf/buffers" dev="sysfs"
ino=3267 scontext=u:r:system_server:s0
tcontext=u:object_r:sysfs_dmabuf_stats:s0 tclass=dir permissive=1
avc: denied { read } for name="size" dev="sysfs"
ino=30556 scontext=u:r:system_server:s0
tcontext=u:object_r:sysfs_dmabuf_stats:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/kernel/dmabuf/buffers/41673/size" dev="sysfs"
ino=30556 scontext=u:r:system_server:s0
tcontext=u:object_r:sysfs_dmabuf_stats:s0 tclass=file permissive=1
avc: denied { getattr } for path="/sys/kernel/dmabuf/buffers/41673/size" dev="sysfs"
ino=30556 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_dmabuf_stats:s0
tclass=file permissive=1
avc: denied { read } for name="dma_heap" dev="tmpfs" ino=344
scontext=u:r:system_server:s0 tcontext=u:object_r:dmabuf_heap_device:s0
tclass=dir permissive=1
avc: denied { open } for path="/dev/dma_heap" dev="tmpfs" ino=344
scontext=u:r:system_server:s0 tcontext=u:object_r:dmabuf_heap_device:s0
tclass=dir permissive=1

Test: adb shell dumpsys meminfo
Bug: 167709539
Change-Id: Ifa43fd16369d5da1db16e45ff0e189da0c975b75

diff --git a/private/system_server.te b/private/system_server.te
index 06673c3..906e259 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -192,6 +192,14 @@
 # Read /sys/kernel/dma_heap/*.
 allow system_server sysfs_dma_heap:file r_file_perms;
 
+# Allow reading DMA-BUF sysfs stats from /sys/kernel/dmabuf.
+allow system_server sysfs_dmabuf_stats:dir r_dir_perms;
+allow system_server sysfs_dmabuf_stats:file r_file_perms;
+
+# Allow ActivityManager to look at the list of DMA-BUF heaps from /dev/dma_heap
+# for dumpsys meminfo
+allow system_server dmabuf_heap_device:dir r_dir_perms;
+
 # The DhcpClient and WifiWatchdog use packet_sockets
 allow system_server self:packet_socket create_socket_perms_no_ioctl;