Revert "sepolicy: remove all remaining qtaguid stuff."
This reverts commit af08bd3aa81e801bb4dafa65a579183e2be685f4.
Reason for revert: Broke <device>-next-userdebug builds
Bug: 357439147
Change-Id: I094353bde91e71c5d92777f6d152ad193f039277
diff --git a/microdroid/system/private/genfs_contexts b/microdroid/system/private/genfs_contexts
index 2ba6a15..8938ef2 100644
--- a/microdroid/system/private/genfs_contexts
+++ b/microdroid/system/private/genfs_contexts
@@ -27,6 +27,8 @@
genfscon proc /net u:object_r:proc_net:s0
genfscon proc /net/tcp u:object_r:proc_net_tcp_udp:s0
genfscon proc /net/udp u:object_r:proc_net_tcp_udp:s0
+genfscon proc /net/xt_qtaguid/ctrl u:object_r:proc_qtaguid_ctrl:s0
+genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
genfscon proc /pressure/cpu u:object_r:proc_pressure_cpu:s0
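Review bot: The two restored `genfscon` entries for `/net/xt_qtaguid` have no comment explaining why Microdroid still labels these paths, and the same gap applies to the `proc_qtaguid_ctrl` / `proc_qtaguid_stat` declarations restored in the file.te hunk. The commit message suggests the revert exists only to unbreak a build, so a short comment above each pair, such as `# Restored to unbreak builds; remove once remaining users are gone (b/357439147).`, would keep these labels from quietly becoming permanent policy surface. It is also worth noting in that comment that `/net/xt_qtaguid/ctrl` gets its own label because genfscon uses the longest matching prefix, not because of the order of the two lines.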
diff --git a/microdroid/system/private/init.te b/microdroid/system/private/init.te
index 1a991f6..67af209 100644
--- a/microdroid/system/private/init.te
+++ b/microdroid/system/private/init.te
@@ -288,8 +288,10 @@
proc_kmsg
proc_net
proc_pagetypeinfo
+ proc_qtaguid_stat
proc_slabinfo
proc_sysrq
+ proc_qtaguid_ctrl
proc_vmallocinfo
}:file setattr;
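Review bot: `proc_qtaguid_ctrl` is added after `proc_sysrq`, which breaks the alphabetical order the visible entries of this type set follow and separates it from `proc_qtaguid_stat`. Placing both right after `proc_pagetypeinfo`, as `proc_qtaguid_ctrl` then `proc_qtaguid_stat`, makes it easier to audit which proc types are granted `setattr` and to remove the pair cleanly later. The enclosing rule starts outside the hunk, so the source domain and the rest of the set are not visible here.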
diff --git a/microdroid/system/public/attributes b/microdroid/system/public/attributes
index 8580c0b..5b6f82e 100644
--- a/microdroid/system/public/attributes
+++ b/microdroid/system/public/attributes
@@ -44,7 +44,7 @@
attribute proc_type;
expandattribute proc_type false;
-# Types in /proc/net.
+# Types in /proc/net, excluding qtaguid types.
# TODO(b/9496886) Lock down access to /proc/net.
# This attribute is used to audit access to proc_net. it is temporary and will
# be removed.
diff --git a/microdroid/system/public/file.te b/microdroid/system/public/file.te
index 1a674ab..8d3f76a 100644
--- a/microdroid/system/public/file.te
+++ b/microdroid/system/public/file.te
@@ -116,6 +116,8 @@
type proc_pressure_cpu, fs_type, proc_type;
type proc_pressure_io, fs_type, proc_type;
type proc_pressure_mem, fs_type, proc_type;
+type proc_qtaguid_ctrl, fs_type, proc_type;
+type proc_qtaguid_stat, fs_type, proc_type;
type proc_random, fs_type, proc_type;
type proc_sched, fs_type, proc_type;
type proc_security, fs_type, proc_type;