Allow system server read binderfs stats
When receiving the binder transaction errors reported by Android
applications, AMS needs a way to verify that information. Currently
Linux kernel doesn't provide such an API. Use binderfs instead until
kernel binder driver adds that functionality in the future.
Bug: 199336863
Test: send binder calls to frozen apps and check logcat
Test: take bugreport and check binder stats logs
Change-Id: I3bab3d4f35616b4a7b99d6ac6dc79fb86e7f28d4
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index 2d1aea0..69902d8 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -20,4 +20,5 @@
proc_memhealth
virtual_device_native_service
next_boot_prop
+ binderfs_logs_stats
))
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 3ec6ab1..17db46a 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -392,6 +392,7 @@
genfscon binder /vndbinder u:object_r:vndbinder_device:s0
genfscon binder /binder_logs u:object_r:binderfs_logs:s0
genfscon binder /binder_logs/proc u:object_r:binderfs_logs_proc:s0
+genfscon binder /binder_logs/stats u:object_r:binderfs_logs_stats:s0
genfscon binder /features u:object_r:binderfs_features:s0
genfscon inotifyfs / u:object_r:inotify:s0
diff --git a/private/system_server.te b/private/system_server.te
index f9627e3..0856bd6 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1539,3 +1539,7 @@
# Allow system server to set dynamic ART properties.
set_prop(system_server, dalvik_dynamic_config_prop)
+
+# Allow system server to read binderfs
+allow system_server binderfs_logs:dir r_dir_perms;
+allow system_server binderfs_logs_stats:file r_file_perms;