Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 6988677f22d4f983dee3a531dfc15337c99032c8^! / . / private
commit6988677f22d4f983dee3a531dfc15337c99032c8[log] [tgz]
authorSuren Baghdasaryan <surenb@google.com>Thu Jul 29 14:29:47 2021 -0700
committerSuren Baghdasaryan <surenb@google.com>Tue Aug 17 17:02:38 2021 +0000
treee43a6603f8f7be2293c51c9f8d358fbb40dda46f
parent16c9c6a55772bdd3a8607cd48be58f1bbcd6f62e [diff]
Allow init to execute extra_free_kbytes.sh script

extra_free_kbytes.sh is used by init to set /sys/vm/watermark_scale_factor
value. Allow init to execute extra_free_kbytes.sh and the script to access
/proc/sys/vm/watermark_scale_factor and /proc/sys/vm/extra_free_kbytes
files.

Bug: 109664768
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I55ec07e12a1cc5322cfdd4a48d0bdc607f45d832

diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index 34f37c2..8010071 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil

@@ -7,6 +7,8 @@
   ( new_objects
     artd_service
     camera2_extensions_prop
+    extra_free_kbytes
+    extra_free_kbytes_exec
     hal_contexthub_service
     hal_system_suspend_service
     hal_tv_tuner_service
@@ -17,6 +19,7 @@
     tare_service
     transformer_service
     proc_watermark_boost_factor
+    proc_watermark_scale_factor
     untrusted_app_30
     proc_vendor_sched
     sysfs_vendor_sched

diff --git a/private/extra_free_kbytes.te b/private/extra_free_kbytes.te
new file mode 100644
index 0000000..af3088b
--- /dev/null
+++ b/private/extra_free_kbytes.te

@@ -0,0 +1,3 @@
+typeattribute extra_free_kbytes coredomain;
+
+init_daemon_domain(extra_free_kbytes)

diff --git a/private/file_contexts b/private/file_contexts
index a5dd5a6..5433726 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -222,6 +222,7 @@
 /system/bin/e2fsdroid		u:object_r:e2fs_exec:s0
 /system/bin/mke2fs		u:object_r:e2fs_exec:s0
 /system/bin/e2fsck	--	u:object_r:fsck_exec:s0
+/system/bin/extra_free_kbytes\.sh u:object_r:extra_free_kbytes_exec:s0
 /system/bin/fsck\.exfat	--	u:object_r:fsck_exec:s0
 /system/bin/fsck\.f2fs	--	u:object_r:fsck_exec:s0
 /system/bin/init		u:object_r:init_exec:s0

diff --git a/private/genfs_contexts b/private/genfs_contexts
index 906dee9..664a3b3 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts

@@ -87,6 +87,7 @@
 genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
 genfscon proc /sys/vm/min_free_order_shift u:object_r:proc_min_free_order_shift:s0
 genfscon proc /sys/vm/watermark_boost_factor u:object_r:proc_watermark_boost_factor:s0
+genfscon proc /sys/vm/watermark_scale_factor u:object_r:proc_watermark_scale_factor:s0
 genfscon proc /timer_list u:object_r:proc_timer:s0
 genfscon proc /timer_stats u:object_r:proc_timer:s0
 genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0