Allow reading process info from /proc.
This is needed for getting CPU time and wall time spent on subprocesses. Otherwise, the following denials will occur:
09-09 15:11:38.635 6137 6137 I binder:6137_1: type=1400 audit(0.0:185): avc: denied { read } for scontext=u:r:artd:s0 tcontext=u:r:dex2oat:s0 tclass=file permissive=1
09-09 15:11:38.635 6137 6137 I binder:6137_1: type=1400 audit(0.0:185): avc: denied { search } for name="6157" dev="proc" ino=57917 scontext=u:r:artd:s0 tcontext=u:r:dex2oat:s0 tclass=dir permissive=1
09-09 15:11:38.635 6137 6137 I binder:6137_1: type=1400 audit(0.0:185): avc: denied { open } for path="/proc/6157/stat" dev="proc" ino=57954 scontext=u:r:artd:s0 tcontext=u:r:dex2oat:s0 tclass=file permissive=1
Bug: 245380798
Test: -
1. adb shell pm art optimize-package -m speed -f \
com.google.android.youtube
2. See CPU time and wall time in the output. No denial occurred.
Change-Id: I9c8c98a31e1ac0c9431a721938c7a9c5c3ddc42b
diff --git a/private/artd.te b/private/artd.te
index dc6855e..58fe6ef 100644
--- a/private/artd.te
+++ b/private/artd.te
@@ -77,3 +77,8 @@
# Allow sending sigkill to subprocesses.
allow artd { profman dex2oat }:process sigkill;
+
+# Allow reading process info (/proc/<pid>/...).
+# This is needed for getting CPU time and wall time spent on subprocesses.
+r_dir_file(artd, profman);
+r_dir_file(artd, dex2oat);
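Review bot: the two r_dir_file lines at the end of the hunk are broader than the need the commit message documents. The new comment describes the grant as "/proc/<pid>/...", but the quoted denials only show /proc/6157/stat being opened, and only with tcontext dex2oat. Consider naming the file actually read in the comment (for example "/proc/<pid>/stat") so the intended scope is on record for later audits of artd.te. Also state whether the profman rule was exercised: no profman denial is quoted, and the single test step listed is optimize-package with -m speed.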