Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 4da970f372494f43395ea8ff1a9d3a5ddea8d82a^! / .
commit4da970f372494f43395ea8ff1a9d3a5ddea8d82a[log] [tgz]
authorSuren Baghdasaryan <surenb@google.com>Sun Nov 17 14:41:33 2019 -0800
committerSuren Baghdasaryan <surenb@google.com>Tue Dec 17 18:36:25 2019 +0000
tree2f149088df20e14e29010f3f6dd10d8188ec7e33
parentf1f79242f309bd397d7ae9bf1f730f762f82ee5d [diff]
allow system_server to access files under /sys/kernel/ion/

In order for system_server to report ION allocations in dumpsys meminfo
report it needs access to ION sysfs nodes.

Bug: 138148041
Test: dumpsys meminfo
Change-Id: I8b1efebe8f4b06a3975e96ddd6a8cbcacdb52fb2
Signed-off-by: Suren Baghdasaryan <surenb@google.com>

diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index 5eddc4e..c62edd5 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil

@@ -1744,6 +1744,7 @@
 (typeattributeset swap_block_device_29_0 (swap_block_device))
 (typeattributeset sysfs_29_0
   ( sysfs
+    sysfs_ion
     sysfs_suspend_stats
     sysfs_wakeup))
 (typeattributeset sysfs_android_usb_29_0 (sysfs_android_usb))

diff --git a/private/genfs_contexts b/private/genfs_contexts
index 855f2d6..e33031a 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts

@@ -139,6 +139,7 @@
 genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
 genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
 genfscon sysfs /kernel/memory_state_time u:object_r:sysfs_power:s0
+genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0
 genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
 genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
 genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0

diff --git a/private/system_server.te b/private/system_server.te
index 5bd4d9d..c9ed298 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -157,6 +157,9 @@
 # Read /sys/kernel/debug/wakeup_sources.
 allow system_server debugfs_wakeup_sources:file r_file_perms;
 
+# Read /sys/kernel/ion/*.
+allow system_server sysfs_ion:file r_file_perms;
+
 # The DhcpClient and WifiWatchdog use packet_sockets
 allow system_server self:packet_socket create_socket_perms_no_ioctl;
 

diff --git a/public/file.te b/public/file.te
index 5a5bd8c..9041894 100644
--- a/public/file.te
+++ b/public/file.te

@@ -83,6 +83,7 @@
 type sysfs_dm, fs_type, sysfs_type;
 type sysfs_dt_firmware_android, fs_type, sysfs_type;
 type sysfs_extcon, fs_type, sysfs_type;
+type sysfs_ion, fs_type, sysfs_type;
 type sysfs_ipv4, fs_type, sysfs_type;
 type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_leds, fs_type, sysfs_type;