sepolicy: allow system_server to read /proc/locks
Access to /proc/locks is necessary for activity manager to determine
whether a process holds a lock or not prior to freezing it.
Test: verified access of /proc/locks while testing other CLs in the same
topic.
Bug: 176928302
Change-Id: I14a65da126ff26c6528edae137d3ee85d3611509
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index f509d55..adb1020 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -49,6 +49,7 @@
power_debug_prop
power_stats_service
proc_kallsyms
+ proc_locks
profcollectd
profcollectd_data_file
profcollectd_exec
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 4c6edd6..900b25b 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -14,6 +14,7 @@
genfscon proc /keys u:object_r:proc_keys:s0
genfscon proc /kmsg u:object_r:proc_kmsg:s0
genfscon proc /loadavg u:object_r:proc_loadavg:s0
+genfscon proc /locks u:object_r:proc_locks:s0
genfscon proc /lowmemorykiller u:object_r:proc_lowmemorykiller:s0
genfscon proc /meminfo u:object_r:proc_meminfo:s0
genfscon proc /misc u:object_r:proc_misc:s0
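Review bot: The new `genfscon proc /locks` entry moves /proc/locks off whatever label it carried before (presumably the generic `proc` type), so any domain that read it through a rule on the old label loses access once this lands. Only system_server is granted `proc_locks` in this change, and the commit's Test line covers only that positive case. Before merging, it is worth checking existing policy for other readers and looking for `avc: denied` entries against `proc_locks` on a test build.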
diff --git a/private/system_server.te b/private/system_server.te
index 95d7cc7..12fb3fa 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -937,6 +937,7 @@
allow system_server {
proc_cmdline
proc_loadavg
+ proc_locks
proc_meminfo
proc_pagetypeinfo
proc_pipe_conf
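Review bot: The permission set of this `allow system_server { ... }` statement lies outside the hunk, so the access that `proc_locks` inherits cannot be confirmed from here. It should be read-only, since the stated need is only to check whether a process holds a lock. /proc/locks lists every file lock on the system with the holder's PID and the device and inode of the locked file, so a comment above the statement recording the reason would help later audits, e.g. `# proc_locks: read by ActivityManager to check for held locks before freezing a process (b/176928302)`.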
diff --git a/public/file.te b/public/file.te
index bee8eb4..ccd65e2 100644
--- a/public/file.te
+++ b/public/file.te
@@ -37,6 +37,7 @@
type proc_keys, fs_type, proc_type;
type proc_kmsg, fs_type, proc_type;
type proc_loadavg, fs_type, proc_type;
+type proc_locks, fs_type, proc_type;
type proc_lowmemorykiller, fs_type, proc_type;
type proc_max_map_count, fs_type, proc_type;
type proc_meminfo, fs_type, proc_type;
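Review bot: `proc_locks` is declared in public policy, which lets vendor policy reference it, yet the only consumer in this change is system_server in private policy. If no vendor domain is expected to need the file, consider keeping the type private. Alternatively, add a neverallow that keeps app domains from reading it, because the file exposes lock holders' PIDs and locked inodes across all processes. Whether the 30.0 compat entry would still be required for a private type needs checking against the treble sepolicy tests.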