commit 178f0ac675da285ff075a451ab8a84d47d416643
author Alistair Delva <adelva@google.com> Fri Jun 05 10:15:30 2020 -0700
committer Alistair Delva <adelva@google.com> Fri Jun 05 10:15:31 2020 -0700
tree 53c87b10bfc38884910bf1b9343272bc16070679
parent 641cffeb0e7cd7c5c893ac67f1160ede379eeb57

Add new perfmon capability2 and use it

There are probably more cases but this one blocks presubmit
for cuttlefish with mainline kernels.

Bug: 158304247
Change-Id: I6d769b16a230a113a804df61f8de4dcbce2193b6

private/init.te

diff --git a/private/init.te b/private/init.te
index b0e7f80..7a2e0b3 100644
--- a/private/init.te
+++ b/private/init.te
@@ -51,6 +51,7 @@
 # kernels that precede the perf_event_open hooks (Android common kernels 4.4
 # and 4.9).
 allow init self:perf_event { open cpu };
+allow init self:global_capability2_class_set perfmon;
 neverallow init self:perf_event { kernel tracepoint read write };
 dontaudit init self:perf_event { kernel tracepoint read write };