commit 2712c90263325fbd98aa8702c97bd21c0f66ec03
author Shintaro Kawamura <kawasin@google.com> Thu Nov 21 11:59:17 2024 +0900
committer Shintaro Kawamura <kawasin@google.com> Thu Nov 21 12:01:13 2024 +0900
tree de761823bef85494f0b7b04120852161d692f260
parent 9c7d306429f3ef12ce53fdf5ee868cf75c91d8e2

Add sepolicy for mmd to execute zram maintenance

mmd reads /proc/meminfo to calculate idle duration
(https://r.android.com/c/3350507).

ZramMaintenance.java of system_server calls binder API of mmd
(https://r.android.com/3342055).

Bug: 375432468
Test: manual

Change-Id: Idd3dd2cd93402affd0655b4edc912ab10b3b7755

private/mmd.te

diff --git a/private/mmd.te b/private/mmd.te
index 4955d13..193c307 100644
--- a/private/mmd.te
+++ b/private/mmd.te
@@ -8,3 +8,10 @@
 # mmd binder setup
 add_service(mmd, mmd_service)
 binder_use(mmd)
+
+# zram sysfs access
+allow mmd sysfs_zram:dir search;
+allow mmd sysfs_zram:file rw_file_perms;
+
+# procfs
+allow mmd proc_meminfo:file r_file_perms;

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index 044edc1..aeeb566 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -293,6 +293,7 @@
 binder_call(system_server, idmap)
 binder_call(system_server, installd)
 binder_call(system_server, incidentd)
+binder_call(system_server, mmd)
 binder_call(system_server, netd)
 binder_call(system_server, ot_daemon)
 userdebug_or_eng(`binder_call(system_server, profcollectd)')
@@ -393,6 +394,7 @@
   mediaswcodec
   mediatranscoding
   mediatuner
+  mmd
   netd
   sdcardd
   servicemanager
@@ -1006,6 +1008,7 @@
 allow system_server mediaextractor_service:service_manager find;
 allow system_server mediadrmserver_service:service_manager find;
 allow system_server mediatuner_service:service_manager find;
+allow system_server mmd_service:service_manager find;
 allow system_server netd_service:service_manager find;
 allow system_server nfc_service:service_manager find;
 allow system_server ot_daemon_service:service_manager find;