Allow bpfloader to read fuse's bpf_prog number
Bug: 202785178
Test: Along with rest of topic, file
/sys/fs/bpf/prog_fuse_media_fuse_media
appears on boot with fuse-bpf in kernel
Merged-In: Ibccdf177c75fef0314c86319be3f0b0f249ce59d
Change-Id: Ibccdf177c75fef0314c86319be3f0b0f249ce59d
diff --git a/private/bpfloader.te b/private/bpfloader.te
index 25cfda4..2be2a4e 100644
--- a/private/bpfloader.te
+++ b/private/bpfloader.te
@@ -13,6 +13,8 @@
allow bpfloader self:capability { chown sys_admin net_admin };
+allow bpfloader sysfs_fs_fuse_bpf:file r_file_perms;
+
set_prop(bpfloader, bpf_progs_loaded_prop)
###
diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index f89c3ba..c840081 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@@ -46,6 +46,7 @@
proc_watermark_scale_factor
untrusted_app_30
proc_vendor_sched
+ sysfs_fs_fuse_bpf
sysfs_vendor_sched
tv_iapp_service
vendor_vm_file
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 39b04f3..a7cdeb8 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -148,6 +148,7 @@
genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
genfscon sysfs /fs/f2fs u:object_r:sysfs_fs_f2fs:s0
+genfscon sysfs /fs/fuse/bpf_prog_type_fuse u:object_r:sysfs_fs_fuse_bpf:s0
genfscon sysfs /fs/incremental-fs/features u:object_r:sysfs_fs_incfs_features:s0
genfscon sysfs /fs/incremental-fs/instances u:object_r:sysfs_fs_incfs_metrics:s0
genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0