Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 55c17f2f3e0c2fe488abe45d2cd47e2f6de2c511^! / . / private
commit55c17f2f3e0c2fe488abe45d2cd47e2f6de2c511[log] [tgz]
authorT.J. Mercier <tjmercier@google.com>Thu Oct 17 22:21:21 2024 +0000
committerT.J. Mercier <tjmercier@google.com>Fri Oct 18 03:39:39 2024 +0000
treeb0e86d6d4c1aedc17c89c1f12477f23d7c34bcd0
parent852d19b5d2369a57a91c08d962f119871e647408 [diff]
Collapse cgroup_desc_api_file into cgroup_desc_file

If ro.product.first_api_level is set, we first attempt to read
cgroup_desc_api_file before also reading cgroup_desc_file. There is
currently no point distinguishing between the API file and the regular
file in sepolicy.

Bug: 349105928
Change-Id: I8c2b554f594a01bdae1cf9994dc1eaadb91ad774

diff --git a/private/domain.te b/private/domain.te
index c9a8b63..5b1364d 100644
--- a/private/domain.te
+++ b/private/domain.te

@@ -425,7 +425,6 @@
 allow { domain -appdomain -rs } cgroup_v2:file w_file_perms;
 
 allow domain cgroup_desc_file:file r_file_perms;
-allow domain cgroup_desc_api_file:file r_file_perms;
 allow domain cgroup_rc_file:dir search;
 allow domain cgroup_rc_file:file r_file_perms;
 allow domain task_profiles_file:file r_file_perms;
@@ -1234,7 +1233,6 @@
   } {
     system_file_type
     -cgroup_desc_file
-    -cgroup_desc_api_file
     -crash_dump_exec
     -file_contexts_file
     -netutils_wrapper_exec

diff --git a/private/file_contexts b/private/file_contexts
index 496e954..a70e143 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -365,7 +365,7 @@
 /system/bin/rkp_cert_processor          u:object_r:rkp_cert_processor_exec:s0
 /system/etc/aconfig(/.*)?               u:object_r:system_aconfig_storage_file:s0
 /system/etc/cgroups\.json               u:object_r:cgroup_desc_file:s0
-/system/etc/task_profiles/cgroups_[0-9]+\.json               u:object_r:cgroup_desc_api_file:s0
+/system/etc/task_profiles/cgroups_[0-9]+\.json               u:object_r:cgroup_desc_file:s0
 /system/etc/event-log-tags              u:object_r:system_event_log_tags_file:s0
 /system/etc/font_fallback.xml           u:object_r:system_font_fallback_file:s0
 /system/etc/group                       u:object_r:system_group_file:s0

diff --git a/private/init.te b/private/init.te
index dbb3f02..a3adab5 100644
--- a/private/init.te
+++ b/private/init.te

@@ -237,7 +237,6 @@
 allow init cgroup:file rw_file_perms;
 allow init cgroup_rc_file:file rw_file_perms;
 allow init cgroup_desc_file:file r_file_perms;
-allow init cgroup_desc_api_file:file r_file_perms;
 allow init vendor_cgroup_desc_file:file r_file_perms;
 allow init cgroup_v2:dir { mounton create_dir_perms};
 allow init cgroup_v2:file rw_file_perms;

diff --git a/private/shell.te b/private/shell.te
index a6e9975..0f1ad75 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -403,7 +403,6 @@
 
 r_dir_file(shell, cgroup)
 allow shell cgroup_desc_file:file r_file_perms;
-allow shell cgroup_desc_api_file:file r_file_perms;
 allow shell vendor_cgroup_desc_file:file r_file_perms;
 r_dir_file(shell, cgroup_v2)
 allow shell domain:dir { search open read getattr };