Adjust sepolicy for memevents with lmkd and system_server
Test: Verified memevents integration with LMKD works
Test: Verified memevents integration with AMS works
Bug: 330396528
Change-Id: Id40d427114074d23264a13ad6edbd643f39cdb14
Signed-off-by: Carlos Galo <carlosgalo@google.com>
diff --git a/private/system_server.te b/private/system_server.te
index 0385df3..ac20527 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1236,6 +1236,10 @@
# calls if (fd.isSocket$()) if (isLingerSocket(fd)) ...
dontaudit system_server self:key_socket getopt;
+# Needed to interact with memevents-eBPF and receive notifications for memory events
+allow system_server fs_bpf_memevents:dir search;
+allow system_server fs_bpf_memevents:file { read write };
+
# Allow system_server to start clatd in its own domain and kill it.
domain_auto_trans(system_server, clatd_exec, clatd)
allow system_server clatd:process { sigkill signal };