From 5b15baeb1ea3143ada653b9292ad851c02ad574e Mon Sep 17 00:00:00 2001
From: Yabin Cui <yabinc@google.com>
Date: Mon, 6 Mar 2017 17:27:54 -0800
Subject: [PATCH] Make /proc/sys/kernel/perf_event_max_sample_rate accessible
 to untrusted_app.

Native profiling needs to read perf_event_max_sample_rate; otherwise a CTS
test can fail on devices with kernel >= 4.4. Before this CL, the file was not
readable from the untrusted_app domain. This CL makes it readable from both
the shell domain and the untrusted_app domain.

Bug: http://b/35554543
Test: build and test on marlin.
Change-Id: Id118e06e3c800b70a749ab112e07a4ec24bb5975
---
 private/genfs_contexts | 1 +
 public/domain.te       | 3 +++
 public/file.te         | 1 +
 3 files changed, 5 insertions(+)

diff --git a/private/genfs_contexts b/private/genfs_contexts
index e84b49433..787336714 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -22,6 +22,7 @@ genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
 genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
+genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
 genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
 genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
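Review bot: The type name `proc_perf` on the added genfscon line is generic, but only perf_event_max_sample_rate is labelled with it, and the domain.te hunk of this patch makes the type readable by every domain. Any perf sysctl labelled `proc_perf` later would inherit that domain-wide read without a new allow rule being reviewed. A comment above the added line would record the constraint, for example `# proc_perf is readable by all domains; do not reuse it for sensitive perf sysctls`. A narrower type name that matches the single file it covers would serve the same purpose.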
diff --git a/public/domain.te b/public/domain.te
index b8004ac94..19243a698 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -118,6 +118,9 @@ allow domain proc_cpuinfo:file r_file_perms;
 # jemalloc needs to read /proc/sys/vm/overcommit_memory
 allow domain proc_overcommit_memory:file r_file_perms;
 
+# profiling needs to read /proc/sys/kernel/perf_event_max_sample_rate
+allow domain proc_perf:file r_file_perms;
+
 # toybox loads libselinux which stats /sys/fs/selinux/
 allow domain selinuxfs:dir search;
 allow domain selinuxfs:file getattr;
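Review bot: The added rule `allow domain proc_perf:file r_file_perms;` grants read access to every domain, while the commit description names only shell and untrusted_app as needing the file. If those are the only consumers, rules placed in their own policy files, such as `allow untrusted_app proc_perf:file r_file_perms;` and the equivalent for shell, would keep the grant matched to the stated need. If domain-wide read is intended, as the neighbouring proc_cpuinfo and proc_overcommit_memory rules suggest, the comment should say so, e.g. `# read-only for all domains so any process can be profiled; write access is not granted here`. Nothing in this patch restricts writes to the new type, so it is worth confirming that no other rule grants write on `proc_perf`, or adding a neverallow for it.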
diff --git a/public/file.te b/public/file.te
index 72f30f463..2936d6515 100644
--- a/public/file.te
+++ b/public/file.te
@@ -18,6 +18,7 @@ type proc_iomem, fs_type;
 type proc_meminfo, fs_type;
 type proc_misc, fs_type;
 type proc_net, fs_type;
+type proc_perf, fs_type;
 type proc_stat, fs_type;
 type proc_sysrq, fs_type;
 type proc_timer, fs_type;
-- 
GitLab