Relabel /proc/kpageflags and grant access to heapprofd.
Bug: 132952543
Change-Id: I3d956ba7279af37d783515c0bf649e6fb94c3082
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index d8bc4c3..5a4b819 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1379,6 +1379,7 @@
( proc
proc_fs_verity
proc_keys
+ proc_kpageflags
proc_lowmemorykiller
proc_pressure_cpu
proc_pressure_io
diff --git a/private/genfs_contexts b/private/genfs_contexts
index cc00c2f..2a8f7ad 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -33,6 +33,7 @@
genfscon proc /stat u:object_r:proc_stat:s0
genfscon proc /swaps u:object_r:proc_swaps:s0
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
diff --git a/private/heapprofd.te b/private/heapprofd.te
index 5330c58..fca3c58 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -50,6 +50,8 @@
# Some dex files are not world-readable.
# We are still constrained by the SELinux rules above.
allow heapprofd self:global_capability_class_set dac_read_search;
+
+ allow heapprofd proc_kpageflags:file r_file_perms;
')
# This is going to happen on user but is benign because central heapprofd