Merge changes from topic "debugfs_neverallow"
* changes:
Check that tracefs files are labelled as tracefs_type
Exclude vendor_modprobe from debugfs neverallow restrictions
Add neverallows for debugfs access
Add a neverallow for debugfs mounting
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 2b2b04a..c158a30 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1299,6 +1299,7 @@
(typeattributeset default_android_vndservice_30_0 (default_android_vndservice))
(typeattributeset default_prop_30_0 (
default_prop
+ audio_config_prop
build_config_prop
suspend_prop
init_service_status_private_prop
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index ac38f04..7ec4db3 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -116,6 +116,8 @@
snapuserd_socket
soc_prop
speech_recognition_service
+ sysfs_devfreq_cur
+ sysfs_devfreq_dir
sysfs_devices_cs_etm
sysfs_dma_heap
sysfs_dmabuf_stats
diff --git a/private/property_contexts b/private/property_contexts
index 7356a34..bb4e2ac 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -303,8 +303,9 @@
# history size.
ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0
-af.fast_track_multiplier u:object_r:audio_config_prop:s0 exact int
-ro.af.client_heap_size_kbyte u:object_r:audio_config_prop:s0 exact int
+af.fast_track_multiplier u:object_r:audio_config_prop:s0 exact int
+ro.af.client_heap_size_kbyte u:object_r:audio_config_prop:s0 exact int
+ro.audio.flinger_standbytime_ms u:object_r:audio_config_prop:s0 exact int
audio.camerasound.force u:object_r:audio_config_prop:s0 exact bool
audio.deep_buffer.media u:object_r:audio_config_prop:s0 exact bool
diff --git a/private/traced_probes.te b/private/traced_probes.te
index da9c635..2c4ee9d 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -82,6 +82,10 @@
proc_stat
}:file r_file_perms;
+# Allow access to read /sys/class/devfreq/ and /$DEVICE/cur_freq files
+allow traced_probes sysfs_devfreq_dir:dir r_dir_perms;
+allow traced_probes sysfs_devfreq_cur:file r_file_perms;
+
# Allow access to the IHealth and IPowerStats HAL service for tracing battery counters.
hal_client_domain(traced_probes, hal_health)
hal_client_domain(traced_probes, hal_power_stats)
diff --git a/public/file.te b/public/file.te
index 4353760..13cdc6e 100644
--- a/public/file.te
+++ b/public/file.te
@@ -86,6 +86,8 @@
type sysfs_uio, sysfs_type, fs_type;
type sysfs_batteryinfo, fs_type, sysfs_type;
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_devfreq_cur, fs_type, sysfs_type;
+type sysfs_devfreq_dir, fs_type, sysfs_type;
type sysfs_devices_block, fs_type, sysfs_type;
type sysfs_dm, fs_type, sysfs_type;
type sysfs_dm_verity, fs_type, sysfs_type;