sepolicy support for cgroup v2 cgroup v2 is going to be used for freezer v2 support. The cgroup v2 hiearchy will be mounted by init under /sys/fs/cgroup hence proper access rights are necessary for sysfs. After mounting, the cgroup v2 kernfs will use the label cgroup_v2 and system_manager will handle the freezer Bug: 154548692 Test: verified that files undes sysfs and cgroup v2 kernfs are accessed as required to allow proper functioning for the freezer. Change-Id: Idfb3f6e77b60dad032d1e306d2f9b58cd5775960

commit: 8f280b08474ae356423830fc27d6e08fdf66ea75 [log] [tgz]
author: Marco Ballesio <balejs@google.com> Wed May 27 14:10:39 2020 -0700
committer: Marco Ballesio <balejs@google.com> Mon Aug 17 09:49:10 2020 -0700
tree: b6c847ae1bf356fb112188d920869fb5e0f16de0
parent: f5f23b7e03864617d00d52891a3abcdc495ca6bb [diff]
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 44d7535..8804303 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil

@@ -1,4 +1,5 @@
 ;; types removed from current policy
+(type cgroup_bpf)
 (type exported_audio_prop)
 (type exported_dalvik_prop)
 (type exported_ffs_prop)

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index bcb571d..ada1bcf 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil

@@ -16,5 +16,5 @@
     profcollectd_data_file
     profcollectd_exec
     profcollectd_service
-    update_engine_stable_service))
-
+    update_engine_stable_service
+    cgroup_v2))
commit	8f280b08474ae356423830fc27d6e08fdf66ea75	[log] [tgz]
author	Marco Ballesio <balejs@google.com>	Wed May 27 14:10:39 2020 -0700
committer	Marco Ballesio <balejs@google.com>	Mon Aug 17 09:49:10 2020 -0700
tree	b6c847ae1bf356fb112188d920869fb5e0f16de0
parent	f5f23b7e03864617d00d52891a3abcdc495ca6bb [diff]