Make /proc/sys/kernel/perf_event_max_sample_rate accessible to untrusted_app.

am: 5b15baeb Change-Id: Ic6ce0d595986c64590f85e8f39454585f42c1504

Make /proc/sys/kernel/perf_event_max_sample_rate accessible to untrusted_app.
am: 5b15baeb Change-Id: Ic6ce0d595986c64590f85e8f39454585f42c1504
4fa88f87 · Yabin Cui · android-build-merger · 3227d2ce · 5b15baeb · 4fa88f87
Commit 4fa88f87 authored 8 years ago by Yabin Cui Committed by android-build-merger 8 years ago
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -22,6 +22,7 @@ genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
 genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
+genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
 genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
 genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0

--- a/public/domain.te
+++ b/public/domain.te
@@ -118,6 +118,9 @@ allow domain proc_cpuinfo:file r_file_perms;
 # jemalloc needs to read /proc/sys/vm/overcommit_memory
 allow domain proc_overcommit_memory:file r_file_perms;
+# profiling needs to read /proc/sys/kernel/perf_event_max_sample_rate
+allow domain proc_perf:file r_file_perms;
 # toybox loads libselinux which stats /sys/fs/selinux/
 allow domain selinuxfs:dir search;
 allow domain selinuxfs:file getattr;

--- a/public/file.te
+++ b/public/file.te
@@ -18,6 +18,7 @@ type proc_iomem, fs_type;
 type proc_meminfo, fs_type;
 type proc_misc, fs_type;
 type proc_net, fs_type;
+type proc_perf, fs_type;
 type proc_stat, fs_type;
 type proc_sysrq, fs_type;
 type proc_timer, fs_type;