diff options
| author | Jenhao Chen <jenhaochen@google.com> | 2019-01-04 15:09:50 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2019-01-04 15:09:50 +0000 |
| commit | b188902113e931ca56a2dd552d270a2ac8cadd89 (patch) | |
| tree | 2c8a13579873a702d2d5a52f40442ee1434bf8c7 | |
| parent | bcd578178dc6b673524b546792a63b253b3abad6 (diff) | |
| parent | 2e9cefe986cbc23a03cab768a23fad8aa3437910 (diff) | |
| download | bonito-sepolicy-pie-b4s4-dev.tar.gz | |
Merge "RESTRICT AUTOMERGE Update sepolicy files for perfstatsd" into pi-devpie-b4s4-dev
| -rw-r--r-- | vendor/google/file_contexts | 1 | ||||
| -rw-r--r-- | vendor/google/perfstatsd.te | 19 | ||||
| -rw-r--r-- | vendor/google/vndservice.te | 1 | ||||
| -rw-r--r-- | vendor/google/vndservice_contexts | 1 | ||||
| -rw-r--r-- | vendor/qcom/common/hal_dumpstate_impl.te | 6 |
5 files changed, 28 insertions, 0 deletions
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts index fdc754ca..4b4bf861 100644 --- a/vendor/google/file_contexts +++ b/vendor/google/file_contexts @@ -12,6 +12,7 @@ /vendor/bin/hw/wait_for_strongbox u:object_r:wait_for_strongbox_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element@1\.0-service-disabled u:object_r:hal_secure_element_default_exec:s0 /vendor/bin/hw/android\.hardware\.power@1\.3-service\.bonito-libperfmgr u:object_r:hal_power_default_exec:s0 +/vendor/bin/perfstatsd u:object_r:perfstatsd_exec:s0 /vendor/bin/ramoops u:object_r:ramoops_exec:s0 /vendor/bin/init\.ramoops\.sh u:object_r:ramoops_exec:s0 /vendor/bin/pixelstats-vendor u:object_r:pixelstats_vendor_exec:s0 diff --git a/vendor/google/perfstatsd.te b/vendor/google/perfstatsd.te new file mode 100644 index 00000000..148bb5ee --- /dev/null +++ b/vendor/google/perfstatsd.te @@ -0,0 +1,19 @@ +type perfstatsd_exec, exec_type, vendor_file_type, file_type; + +userdebug_or_eng(` + type perfstatsd, domain, mlstrustedsubject; + init_daemon_domain(perfstatsd) + + #Binder permissions + add_service(perfstatsd, perfstatsd_service) + vndbinder_use(perfstatsd) + + #read /proc/<pid>/stat + r_dir_file(perfstatsd, domain) + + allow perfstatsd { + proc + proc_stat + proc_uid_io_stats + }:file r_file_perms; +') diff --git a/vendor/google/vndservice.te b/vendor/google/vndservice.te index 6bf77c8b..2518809d 100644 --- a/vendor/google/vndservice.te +++ b/vendor/google/vndservice.te @@ -1 +1,2 @@ type citadeld_service, vndservice_manager_type; +type perfstatsd_service, vndservice_manager_type; diff --git a/vendor/google/vndservice_contexts b/vendor/google/vndservice_contexts index 5534176b..b7d8a72e 100644 --- a/vendor/google/vndservice_contexts +++ b/vendor/google/vndservice_contexts @@ -1 +1,2 @@ android.hardware.citadel.ICitadeld u:object_r:citadeld_service:s0 +perfstatsd_pri u:object_r:perfstatsd_service:s0 diff --git a/vendor/qcom/common/hal_dumpstate_impl.te b/vendor/qcom/common/hal_dumpstate_impl.te index e8dd105f..d4e0f2b6 100644 --- a/vendor/qcom/common/hal_dumpstate_impl.te +++ b/vendor/qcom/common/hal_dumpstate_impl.te @@ -32,6 +32,12 @@ userdebug_or_eng(` allow hal_dumpstate_impl sysfs_esim:file r_file_perms; set_prop(hal_dumpstate_impl, vendor_modem_diag_prop) + + #Dump perfstatsd + allow hal_dumpstate_impl perfstatsd_exec:file rx_file_perms; + allow hal_dumpstate_impl perfstatsd_service:service_manager find; + vndbinder_use(hal_dumpstate_impl) + binder_call(hal_dumpstate_impl, perfstatsd) ') allow hal_dumpstate_impl modem_stat_data_file:file r_file_perms; |