Add SELinux policy for using userfaultfd ART runtime will be using userfaultfd for a new heap compaction algorithm. After enabling userfaultfd in android kernels (with SELinux support), the feature needs policy that allows { create ioctl read } operations on userfaultfd file descriptors. Bug: 160737021 Test: Manually tested by exercising userfaultfd ops in ART Change-Id: I9ccb7fa9c25f91915639302715f6197d42ef988e

commit: 06edcd8250a249192981c7fbeea196249394b9ad [log] [tgz]
author: Lokesh Gidra <lokeshgidra@google.com> Thu Mar 11 11:32:47 2021 -0800
committer: Lokesh Gidra <lokeshgidra@google.com> Wed Mar 17 04:57:22 2021 -0700
tree: 14d2d2d49c35789a0bd49b97a642f8d9d303e993
parent: 3d52817da411821e7288c7c9d730fb42fc9a6e64 [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index 8bee1bf..9ef8363 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -12,6 +12,8 @@
 # Define a type for tmpfs-backed ashmem regions.
 tmpfs_domain(system_server)
 
+userfaultfd_use(system_server)
+
 # Create a socket for connections from crash_dump.
 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
commit	06edcd8250a249192981c7fbeea196249394b9ad	[log] [tgz]
author	Lokesh Gidra <lokeshgidra@google.com>	Thu Mar 11 11:32:47 2021 -0800
committer	Lokesh Gidra <lokeshgidra@google.com>	Wed Mar 17 04:57:22 2021 -0700
tree	14d2d2d49c35789a0bd49b97a642f8d9d303e993
parent	3d52817da411821e7288c7c9d730fb42fc9a6e64 [diff] [blame]