Revert "sepolicy: rules for uid/pid cgroups v2 hierarchy" Revert submission 1511692-cgroup v2 uid/pid hierarchy Reason for revert: Causing intermittent cgroup kernel panics Reverted Changes: I80c2a069b:sepolicy: rules for uid/pid cgroups v2 hierarchy I73f3e767d:libprocessgroup: uid/pid hierarchy for cgroup v2 Bug: 174776875 Change-Id: I63a03bb43d87c9aa564b1436a45fd5ec023aac87 Test: Locally reverted and booted 100 times without kernel panic

commit: 51c04ac27b329db75ea1e20bd238147c12c96cf4 [log] [tgz]
author: Jonglin Lee <jonglin@google.com> Fri Dec 04 03:12:59 2020 +0000
committer: Jonglin Lee <jonglin@google.com> Fri Dec 04 03:12:59 2020 +0000
tree: e0f5f00085cfc665a242dfe93b88891b5cda384e
parent: f46d7a26c19d87e0d39de9504bc6e6ad6fb1aedb [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index 9406384..78abdff 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -839,7 +839,6 @@
 
 # Clean up old cgroups
 allow system_server cgroup:dir { remove_name rmdir };
-allow system_server cgroup_v2:dir { remove_name rmdir };
 
 # /oem access
 r_dir_file(system_server, oemfs)
@@ -918,8 +917,9 @@
 allow system_server preloads_media_file:dir { r_dir_perms write remove_name rmdir };
 
 r_dir_file(system_server, cgroup)
-r_dir_file(system_server, cgroup_v2)
 allow system_server ion_device:chr_file r_file_perms;
+allow system_server cgroup_v2:dir rw_dir_perms;
+allow system_server cgroup_v2:file rw_file_perms;
 
 # Access to /dev/dma_heap/system
 allow system_server dmabuf_system_heap_device:chr_file r_file_perms;
commit	51c04ac27b329db75ea1e20bd238147c12c96cf4	[log] [tgz]
author	Jonglin Lee <jonglin@google.com>	Fri Dec 04 03:12:59 2020 +0000
committer	Jonglin Lee <jonglin@google.com>	Fri Dec 04 03:12:59 2020 +0000
tree	e0f5f00085cfc665a242dfe93b88891b5cda384e
parent	f46d7a26c19d87e0d39de9504bc6e6ad6fb1aedb [diff] [blame]