Make /proc/sys/kernel/perf_event_max_sample_rate accessible to untrusted_app.
perf_event_max_sample_rate is needed to be read for native profiling,
otherwise CTS test can fail on devices with kernel >= 4.4. Before this CL,
the file is not readable from untrusted_app domain. This CL makes it readable
from both shell domain and untrusted_app domain.
Bug: http://b/35554543
Test: build and test on marlin.
Change-Id: Id118e06e3c800b70a749ab112e07a4ec24bb5975
diff --git a/private/genfs_contexts b/private/genfs_contexts
index e84b494..7873367 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -22,6 +22,7 @@
genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
+genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
diff --git a/public/domain.te b/public/domain.te
index b8004ac..19243a6 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -118,6 +118,9 @@
# jemalloc needs to read /proc/sys/vm/overcommit_memory
allow domain proc_overcommit_memory:file r_file_perms;
+# profiling needs to read /proc/sys/kernel/perf_event_max_sample_rate
+allow domain proc_perf:file r_file_perms;
+
# toybox loads libselinux which stats /sys/fs/selinux/
allow domain selinuxfs:dir search;
allow domain selinuxfs:file getattr;
diff --git a/public/file.te b/public/file.te
index 72f30f4..2936d65 100644
--- a/public/file.te
+++ b/public/file.te
@@ -18,6 +18,7 @@
type proc_meminfo, fs_type;
type proc_misc, fs_type;
type proc_net, fs_type;
+type proc_perf, fs_type;
type proc_stat, fs_type;
type proc_sysrq, fs_type;
type proc_timer, fs_type;