Permit dropping caches from the shell through sys.drop_caches.

*   Permits setting the sys.drop_caches property from shell.
*   Permits init to read and write to the drop_caches file.
*   Can only be set to 3 (drop_caches) and 0 (unset).

Bug: 178647679
Test: flashed user build and set property; no avc denials.
Test: flashed userdebug build and dropped caches w/o root.
Change-Id: Idcedf83f14f6299fab383f042829d8d548fb4f5d
diff --git a/private/init.te b/private/init.te
index c652603..2627add 100644
--- a/private/init.te
+++ b/private/init.te
@@ -38,6 +38,9 @@
 # that userdata is mounted onto.
 allow init sysfs_dm:file read;
 
+# Allow init to write to the drop_caches file.
+allow init proc_drop_caches:file rw_file_perms;
+
 # Allow the BoringSSL self test to request a reboot upon failure
 set_prop(init, powerctl_prop)
 
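Review bot: The added comment says init needs to write the drop_caches file, but the rule grants `rw_file_perms`, which also includes read access. If init only ever writes the value (the init.rc trigger is not part of this change, so this is an assumption), the narrower `allow init proc_drop_caches:file w_file_perms;` would match the comment and keep the grant minimal. If read access is really required, the comment should say so, e.g. `# Allow init to read and write the drop_caches file.`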
diff --git a/private/property.te b/private/property.te
index de0caa4..e357b11 100644
--- a/private/property.te
+++ b/private/property.te
@@ -23,6 +23,7 @@
 system_internal_prop(net_connectivity_prop)
 system_internal_prop(netd_stable_secret_prop)
 system_internal_prop(odsign_prop)
+system_internal_prop(perf_drop_caches_prop)
 system_internal_prop(pm_prop)
 system_internal_prop(rollback_test_prop)
 system_internal_prop(setupwizard_prop)
diff --git a/private/property_contexts b/private/property_contexts
index a3cd9e0..e637665 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -260,6 +260,10 @@
 # Property that is set once ueventd finishes cold boot.
 ro.cold_boot_done       u:object_r:cold_boot_done_prop:s0
 
+# Properties that control performance operations.
+# Leave space to later set drop_caches to 1, 2, and 4.
+perf.drop_caches        u:object_r:perf_drop_caches_prop:s0 exact enum 0 3
+
 # Charger properties
 ro.charger.                 u:object_r:charger_prop:s0
 sys.boot_from_charger_mode  u:object_r:charger_status_prop:s0 exact int
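Review bot: The key added here is `perf.drop_caches`, while the commit description refers to `sys.drop_caches` in both its title and its first bullet; one of the two should be corrected so the property can be found when auditing. The `exact enum 0 3` restriction is the only thing in this change that limits which values a shell user can set, and presumably which values init then forwards to the proc file, so the comment should state that rather than only "leave space". Something like `# Restricted to 0 (unset) and 3 (drop caches); extend the enum if 1, 2 or 4 are needed later.` would make the intent clear.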
diff --git a/private/shell.te b/private/shell.te
index a99ada8..66e2d4d 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -121,6 +121,7 @@
 set_prop(shell, dumpstate_prop)
 set_prop(shell, exported_dumpstate_prop)
 set_prop(shell, debug_prop)
+set_prop(shell, perf_drop_caches_prop)
 set_prop(shell, powerctl_prop)
 set_prop(shell, log_tag_prop)
 set_prop(shell, wifi_log_prop)
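Review bot: This `set_prop` sits among grants that appear to be unconditional, and the commit's test notes confirm the property can be set on a user build, so any adb shell session can ask init to drop caches. That may be intended, but the line has no comment explaining why it is needed outside userdebug/eng builds. If it is only for performance testing, wrapping it as ``userdebug_or_eng(`set_prop(shell, perf_drop_caches_prop)')`` would narrow the exposure; otherwise a one-line comment stating the user-build use case would help. The surrounding list of grants continues outside the hunk.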
@@ -189,3 +190,7 @@
 
 # Allow shell to read Virtual A/B related properties
 get_prop(shell, virtual_ab_prop)
+
+# Never allow others to set or get the perf.drop_caches property.
+neverallow { domain -shell -init } perf_drop_caches_prop:property_service set;
+neverallow { domain -shell -init -dumpstate } perf_drop_caches_prop:file read;
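Review bot: The comment above the two neverallow rules does not match the second one: `-dumpstate` is exempted from the read restriction, but the comment only says "others" may not set or get the property. A more accurate comment would be `# Only shell and init may set perf.drop_caches; only shell, init and dumpstate may read it.` Since these rules constrain the property type rather than the shell domain, they may also be easier to audit next to the `system_internal_prop(perf_drop_caches_prop)` declaration in property.te.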