Add new perfmon capability2 and use it There are probably more cases but this one blocks presubmit for cuttlefish with mainline kernels. Bug: 158304247 Change-Id: I6d769b16a230a113a804df61f8de4dcbce2193b6

commit: 178f0ac675da285ff075a451ab8a84d47d416643 [log] [tgz]
author: Alistair Delva <adelva@google.com> Fri Jun 05 10:15:30 2020 -0700
committer: Alistair Delva <adelva@google.com> Fri Jun 05 10:15:31 2020 -0700
tree: 53c87b10bfc38884910bf1b9343272bc16070679
parent: 641cffeb0e7cd7c5c893ac67f1160ede379eeb57 [diff]
diff --git a/private/access_vectors b/private/access_vectors
index 4144be8..f41eadd 100644
--- a/private/access_vectors
+++ b/private/access_vectors

@@ -138,6 +138,7 @@
 	wake_alarm
 	block_suspend
 	audit_read
+	perfmon
 }
 
 #

diff --git a/private/init.te b/private/init.te
index b0e7f80..7a2e0b3 100644
--- a/private/init.te
+++ b/private/init.te

@@ -51,6 +51,7 @@
 # kernels that precede the perf_event_open hooks (Android common kernels 4.4
 # and 4.9).
 allow init self:perf_event { open cpu };
+allow init self:global_capability2_class_set perfmon;
 neverallow init self:perf_event { kernel tracepoint read write };
 dontaudit init self:perf_event { kernel tracepoint read write };
commit	178f0ac675da285ff075a451ab8a84d47d416643	[log] [tgz]
author	Alistair Delva <adelva@google.com>	Fri Jun 05 10:15:30 2020 -0700
committer	Alistair Delva <adelva@google.com>	Fri Jun 05 10:15:31 2020 -0700
tree	53c87b10bfc38884910bf1b9343272bc16070679
parent	641cffeb0e7cd7c5c893ac67f1160ede379eeb57 [diff]