commit 251591fa049cb40132a721584a0e5cf2aa5512c8
author Tim Murray <timmurray@google.com> Thu Feb 14 09:26:46 2019 -0800
committer Suren Baghdasaryan <surenb@google.com> Thu Mar 28 22:11:25 2019 +0000
tree 8d252e3de62439a3f282eda60dac4247ebd3b066
parent 93b81f30aee94c686fab41e79529d5f4f3dbea9a

sepolicy: Grant system_server and init access to /proc/pressure/memory

Need ability for system components to access psi memory pressure file.
Add required permissions for system_server and init to access
/proc/pressure/memory file.

Bug: 129476847
Test: system_server can read /proc/pressure/memory
Change-Id: I10ce4f4fe0e3618fa77539e93246d0aae933082c
Signed-off-by: Tim Murray <timmurray@google.com>
Signed-off-by: Suren Baghdasaryan <surenb@google.com>

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index bf9c950..6dcecad 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1024,6 +1024,9 @@
 allow system_server password_slot_metadata_file:dir rw_dir_perms;
 allow system_server password_slot_metadata_file:file create_file_perms;
 
+# Read/Write /proc/pressure/memory
+allow system_server proc_pressure_mem:file rw_file_perms;
+
 # dexoptanalyzer is currently used only for secondary dex files which
 # system_server should never access.
 neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;

public/init.te

diff --git a/public/init.te b/public/init.te
index 6cbb164..177005f 100644
--- a/public/init.te
+++ b/public/init.te
@@ -553,6 +553,9 @@
 # Allow calls from init to apexd
 allow init apexd:binder call;
 
+# Allow init to touch PSI monitors
+allow init proc_pressure_mem:file { rw_file_perms setattr };
+
 ###
 ### neverallow rules
 ###