Merge "Sepolicy for mm events trace instance"

commit: d37f2e9d653bb90c83637fe6ccbd8f2a1ab4be93 [log] [tgz]
author: Kalesh Singh <kaleshsingh@google.com> Tue Jan 26 14:33:39 2021 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Jan 26 14:33:39 2021 +0000
tree: c394b9462642ff899f16b820a496ab05fa7bc185
parent: 93fcd516893f4390dfe1710bb1aae43beca8a862 [diff]
parent: aab7a738680d6d24ea321e9289e784601bd23103 [diff]
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 0d4fd31..57ffc45 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil

@@ -17,6 +17,7 @@
     cgroup_v2
     ctl_snapuserd_prop
     debugfs_kprobes
+    debugfs_mm_events_tracing
     device_config_profcollect_native_boot_prop
     device_state_service
     dm_user_device

diff --git a/private/genfs_contexts b/private/genfs_contexts
index ecde711..c5baf79 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts

@@ -174,6 +174,8 @@
 
 genfscon debugfs /tracing/instances                   u:object_r:debugfs_tracing_instances:s0
 genfscon tracefs /instances                           u:object_r:debugfs_tracing_instances:s0
+genfscon debugfs /tracing/instances/mm_events         u:object_r:debugfs_mm_events_tracing:s0
+genfscon tracefs /instances/mm_events                 u:object_r:debugfs_mm_events_tracing:s0
 genfscon debugfs /tracing/instances/wifi              u:object_r:debugfs_wifi_tracing:s0
 genfscon tracefs /instances/wifi                      u:object_r:debugfs_wifi_tracing:s0
 genfscon debugfs /tracing/trace_marker                u:object_r:debugfs_trace_marker:s0

diff --git a/private/traced_probes.te b/private/traced_probes.te
index d192bfd..da9c635 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te

@@ -16,6 +16,11 @@
 allow traced_probes debugfs_trace_marker:file getattr;
 allow traced_probes debugfs_tracing_printk_formats:file r_file_perms;
 
+# Allow traced_probes to access mm_events trace instance
+allow traced_probes debugfs_tracing_instances:dir search;
+allow traced_probes debugfs_mm_events_tracing:dir search;
+allow traced_probes debugfs_mm_events_tracing:file rw_file_perms;
+
 # TODO(primiano): temporarily I/O tracing categories are still
 # userdebug only until we nail down the denylist/allowlist.
 userdebug_or_eng(`
@@ -137,3 +142,4 @@
 # Only init is allowed to enter the traced_probes domain via exec()
 neverallow { domain -init } traced_probes:process transition;
 neverallow * traced_probes:process dyntransition;
+

diff --git a/public/file.te b/public/file.te
index c1c69b9..dceb96e 100644
--- a/public/file.te
+++ b/public/file.te

@@ -138,6 +138,7 @@
 type debugfs, fs_type, debugfs_type;
 type debugfs_kprobes, fs_type, debugfs_type;
 type debugfs_mmc, fs_type, debugfs_type;
+type debugfs_mm_events_tracing, fs_type, debugfs_type;
 type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
 type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject;
 type debugfs_tracing_debug, fs_type, debugfs_type, mlstrustedobject;
commit	d37f2e9d653bb90c83637fe6ccbd8f2a1ab4be93	[log] [tgz]
author	Kalesh Singh <kaleshsingh@google.com>	Tue Jan 26 14:33:39 2021 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Jan 26 14:33:39 2021 +0000
tree	c394b9462642ff899f16b820a496ab05fa7bc185
parent	93fcd516893f4390dfe1710bb1aae43beca8a862 [diff]
parent	aab7a738680d6d24ea321e9289e784601bd23103 [diff]