sepolicy: Allow creating synthetic trace events
rss_stat will be throttled using histogram triggers and synthetic trace
events. Add genfs context labels for the synthetic tracefs files.
Bug: 145972256
Test: Check log cat for avc denials
Change-Id: I7e183aa930bb6ee79613d011bed7174d553f9c1a
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 664a3b3..bf03bf7 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -229,6 +229,12 @@
genfscon tracefs /events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /synthetic_events u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/synthetic/rss_stat_throttled u:object_r:debugfs_tracing:s0
+
+genfscon debugfs /tracing/synthetic_events u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/synthetic/rss_stat_throttled u:object_r:debugfs_tracing:s0
+
genfscon tracefs /trace_clock u:object_r:debugfs_tracing:s0
genfscon tracefs /buffer_size_kb u:object_r:debugfs_tracing:s0
genfscon tracefs /options/overwrite u:object_r:debugfs_tracing:s0
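Review bot: The two new `/events/synthetic/rss_stat_throttled` entries (tracefs and debugfs) omit the trailing slash that the neighbouring `/events/block/block_rq_issue/` entries carry. genfscon paths are matched as prefixes, so without the slash any later synthetic event whose name merely begins with `rss_stat_throttled` would also be labelled `debugfs_tracing`. I would write `genfscon tracefs /events/synthetic/rss_stat_throttled/ u:object_r:debugfs_tracing:s0` and the same for the debugfs line. Separately, `/synthetic_events` is the control file through which new events are defined, so giving it `debugfs_tracing` presumably extends write access to every domain already allowed to write that type, not only init. The rules for that type are not visible here, so confirm this is intended or use a narrower type for the control file.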
diff --git a/private/init.te b/private/init.te
index 3b64e25..31dabfa 100644
--- a/private/init.te
+++ b/private/init.te
@@ -107,6 +107,11 @@
# Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing.
allow init debugfs_bootreceiver_tracing:file w_file_perms;
+# Devices with kernels where CONFIG_HIST_TRIGGERS isn't enabled will
+# attempt to write a non exisiting 'synthetic_events' file, when setting
+# up synthetic events. This is a no-op in tracefs.
+dontaudit init debugfs_tracing_debug:dir { write add_name };
+
# chown/chmod on devices.
allow init {
dev_type
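Review bot: The added `dontaudit init debugfs_tracing_debug:dir { write add_name };` is broader than the case its comment describes: it silences every init write/add_name denial on any directory of that type, not only the failed creation of `synthetic_events`. Because the commit's test relies on watching for avc denials, the comment should name the directory expected to hit this rule (presumably the tracing root, which falls through to `debugfs_tracing_debug` when the file is absent) so a later reader knows what else is being hidden from the audit log. The comment also has a typo; I would write `# attempt to create a non-existent 'synthetic_events' file when setting`. The `allow init {` block after the rule continues outside the hunk.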