sepolicy for vendor cgroups.json and task_profiles.json files Vendors should be able to specify additional cgroups and task profiles without changing system files. Add access rules for /vendor/etc/cgroups.json and /vendor/etc/task_profiles.json files which will augment cgroups and task profiles specified in /etc/cgroups.json and /etc/task_profiles.json system files. As with system files /vendor/etc/cgroups.json is readable only by init process. task_profiles.json is readable by any process that uses cgroups. Bug: 124960615 Change-Id: I12fcff0159b4e7935ce15cc19ae36230da0524fc Signed-off-by: Suren Baghdasaryan <surenb@google.com>

commit: 6155b2fd11b6c56d5fb6507f3c1cf38e4b3ba2c7 [log] [tgz]
author: Suren Baghdasaryan <surenb@google.com> Tue Feb 19 15:02:14 2019 -0800
committer: Suren Baghdasaryan <surenb@google.com> Fri Mar 01 00:32:15 2019 +0000
tree: 2c62590e301ad1f8e780b620eea9c07286097d00
parent: 753225ce9cf1ca1592836936702f38ce8d67d0d6 [diff] [blame]
diff --git a/private/file_contexts b/private/file_contexts
index 988ee25..83be009 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -336,6 +336,8 @@
 /(vendor|system/vendor)/bin/toybox_vendor      u:object_r:vendor_toolbox_exec:s0
 /(vendor|system/vendor)/bin/toolbox            u:object_r:vendor_toolbox_exec:s0
 /(vendor|system/vendor)/etc(/.*)?              u:object_r:vendor_configs_file:s0
+/(vendor|system/vendor)/etc/cgroups\.json      u:object_r:vendor_cgroup_desc_file:s0
+/(vendor|system/vendor)/etc/task_profiles\.json    u:object_r:vendor_task_profiles_file:s0
 
 /(vendor|system/vendor)/lib(64)?/egl(/.*)?     u:object_r:same_process_hal_file:s0
commit	6155b2fd11b6c56d5fb6507f3c1cf38e4b3ba2c7	[log] [tgz]
author	Suren Baghdasaryan <surenb@google.com>	Tue Feb 19 15:02:14 2019 -0800
committer	Suren Baghdasaryan <surenb@google.com>	Fri Mar 01 00:32:15 2019 +0000
tree	2c62590e301ad1f8e780b620eea9c07286097d00
parent	753225ce9cf1ca1592836936702f38ce8d67d0d6 [diff] [blame]