sepolicy support for cgroup v2
cgroup v2 is going to be used for freezer v2 support. The cgroup v2 hierarchy
will be mounted by init under /sys/fs/cgroup hence proper access rights
are necessary for sysfs. After mounting, the cgroup v2 kernfs will use
the label cgroup_v2 and system_manager will handle the freezer.
Bug: 154548692
Test: verified that files under sysfs and cgroup v2 kernfs are accessed
as required to allow proper functioning for the freezer.
Change-Id: Idfb3f6e77b60dad032d1e306d2f9b58cd5775960
diff --git a/private/system_server.te b/private/system_server.te
index 23b710a..26b728f 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -930,6 +930,8 @@
r_dir_file(system_server, cgroup)
allow system_server ion_device:chr_file r_file_perms;
+allow system_server cgroup_v2:dir r_dir_perms;
+allow system_server cgroup_v2:file rw_file_perms;
r_dir_file(system_server, proc_asound)
r_dir_file(system_server, proc_net_type)
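Review bot: the two added `allow system_server cgroup_v2:...` rules carry no comment explaining why system_server needs them, and `rw_file_perms` on `cgroup_v2:file` grants write on every file with that label, not only the freezer's control files. The commit message says the whole cgroup v2 kernfs gets the single label cgroup_v2, so any controller later enabled on this hierarchy would become writable by system_server too. Please add a one-line comment above the rules naming the freezer as the reason, and state whether write access this broad is intended. The commit message also says system_manager will handle the freezer while the rules are granted to system_server; the message should name the same domain as the policy.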