Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / f46d7a26c19d87e0d39de9504bc6e6ad6fb1aedb
commitf46d7a26c19d87e0d39de9504bc6e6ad6fb1aedb[log] [tgz]
authorMarco Ballesio <balejs@google.com>Wed Nov 25 14:02:56 2020 -0800
committerMarco Ballesio <balejs@google.com>Mon Nov 30 11:46:14 2020 -0800
tree0295316918f3c18962b3b4ba966f56c71967705a
parentaff923a4697b2109b8a887d5db1fc3be7c5c3c5d [diff]
sepolicy: rules for uid/pid cgroups v2 hierarchy

the cgroups v2 uid/gid hierarchy will replace cgroup for all sepolicy
rules. For this reason, old rules have to be duplicated to cgroup_v2,
plus some rules must be added to allow the ownership change for cgroup
files created by init and zygote.

Test: booted device, verified correct access from init, system_server
and zygote to the uid/pid cgroup files

Change-Id: I80c2a069b0fb409b442e1160148ddc48e31d6809
35 files changed
tree: 0295316918f3c18962b3b4ba966f56c71967705a
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. compat.mk
  15. contexts_tests.mk
  16. definitions.mk
  17. mac_permissions.mk
  18. METADATA
  19. MODULE_LICENSE_PUBLIC_DOMAIN
  20. NOTICE
  21. OWNERS
  22. policy_version.mk
  23. PREUPLOAD.cfg
  24. README
  25. seapp_contexts.mk
  26. TEST_MAPPING
  27. treble_sepolicy_tests_for_release.mk