[sepolicy] allow system server to read incfs metrics from sysfs Address denial messages like: 05-05 05:02:21.480 1597 1597 W Binder:1597_12: type=1400 audit(0.0:140): avc: denied { read } for name="reads_delayed_min" dev="sysfs" ino=107358 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 BUG: 184844615 Test: atest android.cts.statsdatom.incremental.AppErrorAtomTests#testAppCrashOnIncremental Change-Id: I201e27e48a08f99f41a030e06c6f22518294e056

commit: 633f7ca8688524b9df687dc1e23c4956e5bac360 [log] [tgz]
author: Songchun Fan <schfan@google.com> Tue May 04 22:40:23 2021 -0700
committer: Songchun Fan <schfan@google.com> Tue May 04 22:56:41 2021 -0700
tree: 4fa39e4b008f7acd5079874dc860adb9268a5225
parent: 6c03124c3c76df773240c6b7d0f2c2f0dc8a3ef5 [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index caf5208..c20a5e5 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -46,6 +46,9 @@
   INCFS_IOCTL_GET_BLOCK_COUNT
 };
 
+# For Incremental Service to check incfs metrics
+allow system_server sysfs_fs_incfs_metrics:file r_file_perms;
+
 # For art.
 allow system_server { apex_art_data_file dalvikcache_data_file }:dir r_dir_perms;
 allow system_server { apex_art_data_file dalvikcache_data_file }:file r_file_perms;
commit	633f7ca8688524b9df687dc1e23c4956e5bac360	[log] [tgz]
author	Songchun Fan <schfan@google.com>	Tue May 04 22:40:23 2021 -0700
committer	Songchun Fan <schfan@google.com>	Tue May 04 22:56:41 2021 -0700
tree	4fa39e4b008f7acd5079874dc860adb9268a5225
parent	6c03124c3c76df773240c6b7d0f2c2f0dc8a3ef5 [diff] [blame]