commit 004cc8c21ce37583c6631b61a10e8242993bcbd3
author Carlos Galo <carlosgalo@google.com> Tue Sep 19 18:35:44 2023 +0000
committer Carlos Galo <carlosgalo@google.com> Wed Sep 20 00:30:13 2023 +0000
tree 7eb9cb8cc24dd4a73a3ccfbfbe6bdc68e8a16caa
parent 5d94d75e388e9ad04bc40f5a1f5b1d9553f10fe7

system_server: allow access to proc/memhealth/*

Libmemevents requires read-access to the attribute files exposed by the
memhealth driver.

Test: build
Test: no denials to /proc/memhealth/oom_victim_list from libmemevents
Bug: 244232958
Change-Id: I617c75ab874ad948af37d3e345e5202e46781f3f
Signed-off-by: Carlos Galo <carlosgalo@google.com>

private/compat/34.0/34.0.ignore.cil

diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index 3bdb37b..cc240fe 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -16,4 +16,5 @@
     remote_auth_service
     threadnetwork_service
     device_config_aconfig_flags_prop
+    proc_memhealth
   ))

private/genfs_contexts

diff --git a/private/genfs_contexts b/private/genfs_contexts
index 759ac38..3d5c357 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -19,6 +19,7 @@
 genfscon proc /locks u:object_r:proc_locks:s0
 genfscon proc /lowmemorykiller u:object_r:proc_lowmemorykiller:s0
 genfscon proc /meminfo u:object_r:proc_meminfo:s0
+genfscon proc /memhealth u:object_r:proc_memhealth:s0
 genfscon proc /misc u:object_r:proc_misc:s0
 genfscon proc /modules u:object_r:proc_modules:s0
 genfscon proc /mounts u:object_r:proc_mounts:s0

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index 136db38..1c3fbbb 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1145,6 +1145,7 @@
 allow system_server dmabuf_system_secure_heap_device:chr_file r_file_perms;
 
 r_dir_file(system_server, proc_asound)
+r_dir_file(system_server, proc_memhealth)
 r_dir_file(system_server, proc_net_type)
 r_dir_file(system_server, proc_qtaguid_stat)
 allow system_server {