Merge "Add new perfmon capability2 and use it" am: 70c1a15b6f am: c53d83d2e9 Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1324753 Change-Id: I2aaf310653ab2acfa3030e2460f9c69aa4f289d4

commit: 9194453ad4faec7598fc3ca9cbd3e7f773a3c2b9 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Mon Jun 08 18:12:19 2020 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Mon Jun 08 18:12:19 2020 +0000
tree: 6143252ef7e5dd806de5a476c96f773258b6aaaf
parent: 3b2ffc291efaf1bc6dc3b0be98143dd7897c98c2 [diff]
parent: c53d83d2e93d0c18651d6fd70fcf4b82c38b5683 [diff]
diff --git a/private/access_vectors b/private/access_vectors
index 4144be8..f41eadd 100644
--- a/private/access_vectors
+++ b/private/access_vectors

@@ -138,6 +138,7 @@
 	wake_alarm
 	block_suspend
 	audit_read
+	perfmon
 }
 
 #

diff --git a/private/init.te b/private/init.te
index b0e7f80..7a2e0b3 100644
--- a/private/init.te
+++ b/private/init.te

@@ -51,6 +51,7 @@
 # kernels that precede the perf_event_open hooks (Android common kernels 4.4
 # and 4.9).
 allow init self:perf_event { open cpu };
+allow init self:global_capability2_class_set perfmon;
 neverallow init self:perf_event { kernel tracepoint read write };
 dontaudit init self:perf_event { kernel tracepoint read write };
commit	9194453ad4faec7598fc3ca9cbd3e7f773a3c2b9	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Mon Jun 08 18:12:19 2020 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Mon Jun 08 18:12:19 2020 +0000
tree	6143252ef7e5dd806de5a476c96f773258b6aaaf
parent	3b2ffc291efaf1bc6dc3b0be98143dd7897c98c2 [diff]
parent	c53d83d2e93d0c18651d6fd70fcf4b82c38b5683 [diff]