Skip to content
Snippets Groups Projects
Commit cbd7b182 authored by dcashman's avatar dcashman Committed by android-build-merger
Browse files

resolve merge conflicts of 5423db6e to stage-aosp-master am: 5e6aa65f

am: b10f3fbc

Change-Id: Ic241e06c93dafd28f9b15bbe71a60d57e0294c30
parents 9cd46da0 b10f3fbc
No related branches found
No related tags found
No related merge requests found
...@@ -181,3 +181,4 @@ allow dumpstate atrace_exec:file rx_file_perms; ...@@ -181,3 +181,4 @@ allow dumpstate atrace_exec:file rx_file_perms;
# This should be removed if sdcardfs is modified to alter the secontext for its # This should be removed if sdcardfs is modified to alter the secontext for its
# accesses to the underlying FS. # accesses to the underlying FS.
allow dumpstate media_rw_data_file:dir getattr; allow dumpstate media_rw_data_file:dir getattr;
allow dumpstate proc_interrupts:file r_file_perms;
...@@ -13,10 +13,13 @@ type usermodehelper, fs_type, sysfs_type; ...@@ -13,10 +13,13 @@ type usermodehelper, fs_type, sysfs_type;
type qtaguid_proc, fs_type, mlstrustedobject; type qtaguid_proc, fs_type, mlstrustedobject;
type proc_bluetooth_writable, fs_type; type proc_bluetooth_writable, fs_type;
type proc_cpuinfo, fs_type; type proc_cpuinfo, fs_type;
type proc_interrupts, fs_type;
type proc_iomem, fs_type; type proc_iomem, fs_type;
type proc_meminfo, fs_type; type proc_meminfo, fs_type;
type proc_net, fs_type; type proc_net, fs_type;
type proc_stat, fs_type;
type proc_sysrq, fs_type; type proc_sysrq, fs_type;
type proc_timer, fs_type;
type proc_uid_cputime_showstat, fs_type; type proc_uid_cputime_showstat, fs_type;
type proc_uid_cputime_removeuid, fs_type; type proc_uid_cputime_removeuid, fs_type;
type selinuxfs, fs_type, mlstrustedobject; type selinuxfs, fs_type, mlstrustedobject;
......
...@@ -2,11 +2,14 @@ ...@@ -2,11 +2,14 @@
genfscon rootfs / u:object_r:rootfs:s0 genfscon rootfs / u:object_r:rootfs:s0
# proc labeling can be further refined (longest matching prefix). # proc labeling can be further refined (longest matching prefix).
genfscon proc / u:object_r:proc:s0 genfscon proc / u:object_r:proc:s0
genfscon proc /interrupts u:object_r:proc_interrupts:s0
genfscon proc /iomem u:object_r:proc_iomem:s0 genfscon proc /iomem u:object_r:proc_iomem:s0
genfscon proc /meminfo u:object_r:proc_meminfo:s0 genfscon proc /meminfo u:object_r:proc_meminfo:s0
genfscon proc /net u:object_r:proc_net:s0 genfscon proc /net u:object_r:proc_net:s0
genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0 genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
genfscon proc /softirqs u:object_r:proc_timer:s0
genfscon proc /stat u:object_r:proc_stat:s0
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0 genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0 genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0 genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
...@@ -24,6 +27,8 @@ genfscon proc /sys/net u:object_r:proc_net:s0 ...@@ -24,6 +27,8 @@ genfscon proc /sys/net u:object_r:proc_net:s0
genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0 genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0 genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0 genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
genfscon proc /timer_list u:object_r:proc_timer:s0
genfscon proc /timer_stats u:object_r:proc_timer:s0
genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0 genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0 genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
......
...@@ -198,6 +198,9 @@ allow init self:capability net_admin; ...@@ -198,6 +198,9 @@ allow init self:capability net_admin;
# Write to /proc/sysrq-trigger. # Write to /proc/sysrq-trigger.
allow init proc_sysrq:file w_file_perms; allow init proc_sysrq:file w_file_perms;
# Read /proc/stat for bootchart.
allow init proc_stat:file r_file_perms;
# Reboot. # Reboot.
allow init self:capability sys_boot; allow init self:capability sys_boot;
......
...@@ -96,7 +96,10 @@ allow shell { service_manager_type -gatekeeper_service -netd_service }:service_m ...@@ -96,7 +96,10 @@ allow shell { service_manager_type -gatekeeper_service -netd_service }:service_m
# allow shell to look through /proc/ for ps, top, netstat # allow shell to look through /proc/ for ps, top, netstat
r_dir_file(shell, proc) r_dir_file(shell, proc)
r_dir_file(shell, proc_net) r_dir_file(shell, proc_net)
allow shell proc_interrupts:file r_file_perms;
allow shell proc_meminfo:file r_file_perms; allow shell proc_meminfo:file r_file_perms;
allow shell proc_stat:file r_file_perms;
allow shell proc_timer:file r_file_perms;
r_dir_file(shell, cgroup) r_dir_file(shell, cgroup)
allow shell domain:dir { search open read getattr }; allow shell domain:dir { search open read getattr };
allow shell domain:{ file lnk_file } { open read getattr }; allow shell domain:{ file lnk_file } { open read getattr };
......
...@@ -113,6 +113,9 @@ allow system_server proc_uid_cputime_removeuid:file { w_file_perms getattr }; ...@@ -113,6 +113,9 @@ allow system_server proc_uid_cputime_removeuid:file { w_file_perms getattr };
# Write to /proc/sysrq-trigger. # Write to /proc/sysrq-trigger.
allow system_server proc_sysrq:file rw_file_perms; allow system_server proc_sysrq:file rw_file_perms;
# Read /proc/stat for CPU usage statistics
allow system_server proc_stat:file r_file_perms;
# Read /sys/kernel/debug/wakeup_sources. # Read /sys/kernel/debug/wakeup_sources.
allow system_server debugfs:file r_file_perms; allow system_server debugfs:file r_file_perms;
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment