Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / ea1bd5d68fe0a6540354692ee3d68f2b5a26a82e^! / . / private / genfs_contexts
commitea1bd5d68fe0a6540354692ee3d68f2b5a26a82e[log] [tgz]
authorCarlos Galo <carlosgalo@google.com>Tue Mar 12 20:04:41 2024 +0000
committerCarlos Galo <carlosgalo@google.com>Tue Mar 19 00:46:47 2024 -0700
tree0403f6558a98ea53eac21b7875862662f0d21b88
parentb58636b2d39107f183137e0392420ada07a6dc62 [diff] [blame]
lmkd: Add sepolicy rules around bpf for lmkd

LMKD needs to be able to attach BPF tracepoints. It needs to be able to
access tracefs, attach and run bpf programs.

Test: m
Test: Verified no denials with lmkd and libmemevents integration
Bug: 244232958
Change-Id: I57248b729c0f011937bec139930ca9d24ba91c3b
Signed-off-by: Carlos Galo <carlosgalo@google.com>

diff --git a/private/genfs_contexts b/private/genfs_contexts
index 5dfec4b..6bcd617 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts

@@ -324,10 +324,13 @@
 
 genfscon bpf / u:object_r:fs_bpf:s0
 genfscon bpf /loader u:object_r:fs_bpf_loader:s0
+genfscon bpf /map_bpfMemEvents_lmkd_rb u:object_r:fs_bpf_lmkd_memevents_rb:s0
 genfscon bpf /net_private u:object_r:fs_bpf_net_private:s0
 genfscon bpf /net_shared u:object_r:fs_bpf_net_shared:s0
 genfscon bpf /netd_readonly u:object_r:fs_bpf_netd_readonly:s0
 genfscon bpf /netd_shared u:object_r:fs_bpf_netd_shared:s0
+genfscon bpf /prog_bpfMemEvents_tracepoint_vmscan_mm_vmscan_direct_reclaim_begin_lmkd u:object_r:fs_bpf_lmkd_memevents_prog:s0
+genfscon bpf /prog_bpfMemEvents_tracepoint_vmscan_mm_vmscan_direct_reclaim_end_lmkd u:object_r:fs_bpf_lmkd_memevents_prog:s0
 genfscon bpf /tethering u:object_r:fs_bpf_tethering:s0
 genfscon bpf /vendor u:object_r:fs_bpf_vendor:s0
 genfscon bpf /uprobestats u:object_r:fs_bpf_uprobestats:s0