Allow only system_server to read uid_time_in_state Bug: 62706738 Bug: 34133340 Test: Check that uid_time_in_state can't be read from the shell without root permissions and that "dumpsys batterystats --checkin| grep ctf" shows frequency data (system_server was able to read uid_time_in_state) Change-Id: Ic6a54da4ebcc9e10b0e3af8f14a45d7408e8686e

commit: 4dc88795d0906148e3414688fa81481b4edaacff [log] [tgz]
author: Andres Oportus <andresoportus@google.com> Wed Jun 07 10:39:11 2017 -0700
committer: Andres Oportus <andresoportus@google.com> Fri Jun 16 11:54:47 2017 -0700
tree: b184aea2d984b3a412ab06b4e05864132e975485
parent: 06560717a78a5346fc64100ba57b21321b96b33d [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index 2bfd4cd..243ad23 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -130,6 +130,9 @@
 # Write /proc/uid_procstat/set.
 allow system_server proc_uid_procstat_set:file { w_file_perms getattr };
 
+# Read /proc/uid_time_in_state.
+allow system_server proc_uid_time_in_state:file r_file_perms;
+
 # Write to /proc/sysrq-trigger.
 allow system_server proc_sysrq:file rw_file_perms;
commit	4dc88795d0906148e3414688fa81481b4edaacff	[log] [tgz]
author	Andres Oportus <andresoportus@google.com>	Wed Jun 07 10:39:11 2017 -0700
committer	Andres Oportus <andresoportus@google.com>	Fri Jun 16 11:54:47 2017 -0700
tree	b184aea2d984b3a412ab06b4e05864132e975485
parent	06560717a78a5346fc64100ba57b21321b96b33d [diff] [blame]