Merge "Update freeze test level along with finalization" into main
diff --git a/contexts/plat_file_contexts_test b/contexts/plat_file_contexts_test
index fcaf9f6..2e72866 100644
--- a/contexts/plat_file_contexts_test
+++ b/contexts/plat_file_contexts_test
@@ -435,6 +435,7 @@
 /system/bin/virtual_touchpad                                      virtual_touchpad_exec
 /system/bin/hw/android.frameworks.bufferhub@1.0-service           fwk_bufferhub_exec
 /system/bin/hw/android.system.suspend-service                     system_suspend_exec
+/system/bin/memcgv2_activation_depth.sh                           memcgv2_activation_depth_exec
 /system/etc/aconfig                                               system_aconfig_storage_file
 /system/etc/cgroups.json                                          cgroup_desc_file
 /system/etc/task_profiles/cgroups_0.json                          cgroup_desc_file
@@ -1297,6 +1298,8 @@
 /metadata/tradeinmode/test                                        tradeinmode_metadata_file
 /metadata/prefetch                                                prefetch_metadata_file
 /metadata/prefetch/test                                           prefetch_metadata_file
+/metadata/libprocessgroup                                         libprocessgroup_metadata_file
+/metadata/libprocessgroup/test                                    libprocessgroup_metadata_file
 
 /mnt/asec                                                         asec_apk_file
 /mnt/asec/test                                                    asec_apk_file
diff --git a/private/domain.te b/private/domain.te
index 6aaf5de..31b544b 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -430,6 +430,8 @@
 allow domain task_profiles_file:file r_file_perms;
 allow domain vendor_cgroup_desc_file:file r_file_perms;
 allow domain vendor_task_profiles_file:file r_file_perms;
+allow domain libprocessgroup_metadata_file:dir r_dir_perms;
+allow domain libprocessgroup_metadata_file:file r_file_perms;
 
 # Allow all domains to read sys.use_memfd to determine
 # if memfd support can be used if device supports it
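Review bot: The added rules `allow domain libprocessgroup_metadata_file:dir r_dir_perms;` and `allow domain libprocessgroup_metadata_file:file r_file_perms;` give every domain, app domains included, read and list access to /metadata/libprocessgroup, and nothing in the hunk says why. The neighbouring rules cover descriptor files shipped read-only in the system and vendor images, whereas this type is created and rewritten at runtime by memcgv2_activation_depth (private/memcgv2_activation_depth.te in this commit), so readers trust whatever that domain last wrote. I would add a comment naming the consumer, for example `# libprocessgroup reads the memcg v2 activation depth override from /metadata/libprocessgroup` (wording for the author to confirm). If consumers open a fixed file name, `allow domain libprocessgroup_metadata_file:dir search;` would be enough for the directory rule. The rule block this belongs to starts above the hunk.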
diff --git a/private/file.te b/private/file.te
index b60ce34..3a66143 100644
--- a/private/file.te
+++ b/private/file.te
@@ -231,6 +231,9 @@
 # /metadata/prefetch files
 type prefetch_metadata_file, file_type;
 
+# /metadata/libprocessgroup files
+type libprocessgroup_metadata_file, file_type;
+
 # Types added in 202504 in public/file.te
 until_board_api(202504, `
     type binderfs_logs_transactions, fs_type;
diff --git a/private/file_contexts b/private/file_contexts
index 7e7ae7c..7ef3226 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -364,6 +364,7 @@
 /system/bin/virtual_camera          u:object_r:virtual_camera_exec:s0
 /system/bin/hw/android\.frameworks\.bufferhub@1\.0-service    u:object_r:fwk_bufferhub_exec:s0
 /system/bin/hw/android\.system\.suspend-service               u:object_r:system_suspend_exec:s0
+/system/bin/memcgv2_activation_depth\.sh u:object_r:memcgv2_activation_depth_exec:s0
 /system/etc/aconfig(/.*)?               u:object_r:system_aconfig_storage_file:s0
 /system/etc/cgroups\.json               u:object_r:cgroup_desc_file:s0
 /system/etc/task_profiles/cgroups_[0-9]+\.json               u:object_r:cgroup_desc_file:s0
@@ -901,6 +902,7 @@
 /metadata/aconfig/flags(/.*)?    u:object_r:aconfig_storage_flags_metadata_file:s0
 /metadata/tradeinmode(/.*)?    u:object_r:tradeinmode_metadata_file:s0
 /metadata/prefetch(/.*)?    u:object_r:prefetch_metadata_file:s0
+/metadata/libprocessgroup(/.*)?    u:object_r:libprocessgroup_metadata_file:s0
 
 ############################
 # mount point for ota metadata
diff --git a/private/memcgv2_activation_depth.te b/private/memcgv2_activation_depth.te
new file mode 100644
index 0000000..80378d3
--- /dev/null
+++ b/private/memcgv2_activation_depth.te
@@ -0,0 +1,26 @@
+# The memcgv2_activation_depth.sh script run by init.
+
+type memcgv2_activation_depth, domain, coredomain;
+type memcgv2_activation_depth_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(memcgv2_activation_depth)
+
+# required permissions to run the script from init
+allow memcgv2_activation_depth shell_exec:file rx_file_perms;
+allow memcgv2_activation_depth system_file:file x_file_perms;
+allow memcgv2_activation_depth toolbox_exec:file rx_file_perms;
+
+# for system default max activation depth
+allow memcgv2_activation_depth cgroup_desc_file:file r_file_perms;
+
+# /metadata/libprocessgroup/*
+allow memcgv2_activation_depth libprocessgroup_metadata_file:dir rw_dir_perms;
+allow memcgv2_activation_depth libprocessgroup_metadata_file:file create_file_perms;
+
+# /sys/fs/cgroup/cgroup.controllers
+# /sys/fs/cgroup/**/cgroup.subtree_control
+allow memcgv2_activation_depth cgroup_v2:dir r_dir_perms;
+allow memcgv2_activation_depth cgroup_v2:file rw_file_perms;
+
+# For reboot, when reducing the depth override
+set_prop(memcgv2_activation_depth, powerctl_prop)
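Review bot: `set_prop(memcgv2_activation_depth, powerctl_prop)` on the last line lets this domain reboot or shut down the device, and its only documentation is "For reboot, when reducing the depth override". That decision appears to be driven by state the same domain can create, rewrite and delete under /metadata/libprocessgroup (`rw_dir_perms`, `create_file_perms`). The comment should therefore state the exact condition that triggers the reboot and what stops it from firing again on the next boot. Because private/domain.te makes the type readable by all domains, I would also pin down who may write it, for example `neverallow { domain -init -memcgv2_activation_depth } libprocessgroup_metadata_file:file no_w_file_perms;`, with the exclusion list adjusted to whatever else legitimately writes there. It is also worth confirming that the script needs all of `create_file_perms` and write access to every `cgroup_v2` file rather than a narrower set.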