Permit dropping caches from the shell through sys.drop_caches. * Permits setting the sys.drop_caches property from shell. * Permits init to read and write to the drop_caches file. * Can only be set to 3 (drop_caches) and 0 (unset). Bug: 178647679 Test: flashed user build and set property; no avc denials. Test: flashed userdebug build and dropped caches w/o root. Change-Id: Idcedf83f14f6299fab383f042829d8d548fb4f5d

commit: 3ccbebb415f25bd12c3870c378f5794bc7388498 [log] [tgz]
author: Michael Rosenfeld <mrosenfeld@google.com> Wed Feb 10 18:45:35 2021 -0800
committer: Michael Rosenfeld <mrosenfeld@google.com> Fri Mar 19 10:55:51 2021 -0700
tree: 0a5dea2e145657b27e27b52365b6c0130e034c21
parent: bd0268c0200a5d79d9797c90e53b6f525b660bdf [diff] [blame]
diff --git a/private/init.te b/private/init.te
index c652603..2627add 100644
--- a/private/init.te
+++ b/private/init.te

@@ -38,6 +38,9 @@
 # that userdata is mounted onto.
 allow init sysfs_dm:file read;
 
+# Allow init to write to the drop_caches file.
+allow init proc_drop_caches:file rw_file_perms;
+
 # Allow the BoringSSL self test to request a reboot upon failure
 set_prop(init, powerctl_prop)
commit	3ccbebb415f25bd12c3870c378f5794bc7388498	[log] [tgz]
author	Michael Rosenfeld <mrosenfeld@google.com>	Wed Feb 10 18:45:35 2021 -0800
committer	Michael Rosenfeld <mrosenfeld@google.com>	Fri Mar 19 10:55:51 2021 -0700
tree	0a5dea2e145657b27e27b52365b6c0130e034c21
parent	bd0268c0200a5d79d9797c90e53b6f525b660bdf [diff] [blame]