sepolicy: rules for uid/pid cgroups v2 hierarchy
Bug: 168907513
Test: verified that the v2 uid/pid hierarchy works correctly in normal
and recovery modes
This reverts commit aa8bb3a29b92a342c42c802edac269da5984d1df.
Change-Id: Ib344d500ea49b86e862e223ab58a16601eebef47
diff --git a/private/system_server.te b/private/system_server.te
index e1919e2..1db7082 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -889,6 +889,7 @@
# Clean up old cgroups
allow system_server cgroup:dir { remove_name rmdir };
+allow system_server cgroup_v2:dir { remove_name rmdir };
# /oem access
r_dir_file(system_server, oemfs)
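Review bot: The comment above the added `allow system_server cgroup_v2:dir { remove_name rmdir };` still reads as if a single hierarchy is cleaned up; `# Clean up old cgroups (v1 and v2 hierarchies)` would make the pairing explicit. Removing a directory also requires `write` and `search` on the parent directory, and the second hunk in this file drops `rw_dir_perms` on cgroup_v2:dir, so `write` presumably has to come from a rule outside this file. That is worth confirming by checking the audit log for avc denials with `tclass=dir` on cgroup_v2 from system_server during cgroup cleanup, in both normal and recovery modes.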
@@ -967,9 +968,8 @@
allow system_server preloads_media_file:dir { r_dir_perms write remove_name rmdir };
r_dir_file(system_server, cgroup)
+r_dir_file(system_server, cgroup_v2)
allow system_server ion_device:chr_file r_file_perms;
-allow system_server cgroup_v2:dir rw_dir_perms;
-allow system_server cgroup_v2:file rw_file_perms;
# Access to /dev/dma_heap/system
allow system_server dmabuf_system_heap_device:chr_file r_file_perms;
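Review bot: The added `r_dir_file(system_server, cgroup_v2)` has no comment saying that the narrowing from `rw_dir_perms`/`rw_file_perms` to read-only is deliberate. A line above it such as `# Read-only view of the cgroup v2 hierarchy; removal of stale cgroup dirs is granted separately above` would record the least-privilege intent and make a later re-addition of `rw_file_perms` stand out in review. If the intent is that system_server must never regain broad write access to cgroup_v2 files from this file, that should be stated in the comment as well, since nothing in the visible lines enforces it.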