diff options
author | Robin Hsu <robinhsu@google.com> | 2024-04-21 13:12:43 +0000 |
---|---|---|
committer | Robin Hsu <robinhsu@google.com> | 2024-04-21 13:36:59 +0000 |
commit | 022c0815f4fca33869bd7e279fcad2decfff416e (patch) | |
tree | 2346c12369b7a4ea5103b3a56f3ced66cd8136e6 | |
parent | c6f6a48eeaf26d1d1b934c64505aee620344f684 (diff) | |
download | pixel-sepolicy-022c0815f4fca33869bd7e279fcad2decfff416e.tar.gz |
* pixel-sepolicy:
- allow pixelstats to query more MM Metrics in user build (some
sysfs nodes: previously userdebug/eng builds only)
- Add permission to read /proc/meminfo, /proc/stat
Test: local devices sysnode access test
Bug: 320418316
Change-Id: I8a74458be02d5c22e37c5a7d461c8e8498a8da9e
Signed-off-by: Robin Hsu <robinhsu@google.com>
-rw-r--r-- | pixelstats/pixelstats_vendor.te | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/pixelstats/pixelstats_vendor.te b/pixelstats/pixelstats_vendor.te index d0850b1..5a90395 100644 --- a/pixelstats/pixelstats_vendor.te +++ b/pixelstats/pixelstats_vendor.te @@ -22,18 +22,21 @@ get_prop(pixelstats_vendor, smart_idle_maint_enabled_prop) allow pixelstats_vendor fwk_stats_service:service_manager find; binder_call(pixelstats_vendor, stats_service_server) -allow pixelstats_vendor sysfs_zram:dir search; -allow pixelstats_vendor sysfs_zram:file r_file_perms; +# Pixel MM Metrics: (Atoms: PixelMmMetricsPerHour, PixelMmMetricsPerDay, +# CmaStatus, CmaStatusExt, ZramBdStat, ZramMmStat) +allow pixelstats_vendor kernel:dir search; +allow pixelstats_vendor kernel:file r_file_perms; +allow pixelstats_vendor proc_meminfo:file r_file_perms; +allow pixelstats_vendor proc_pressure_cpu:file r_file_perms; +allow pixelstats_vendor proc_pressure_io:file r_file_perms; +allow pixelstats_vendor proc_pressure_mem:file r_file_perms; +allow pixelstats_vendor proc_stat:file r_file_perms; +allow pixelstats_vendor proc_vmstat:file r_file_perms; +allow pixelstats_vendor sysfs_dma_heap:dir search; +allow pixelstats_vendor sysfs_dma_heap:file r_file_perms; +allow pixelstats_vendor sysfs_ion:dir search; +allow pixelstats_vendor sysfs_ion:file r_file_perms; allow pixelstats_vendor sysfs_pixel_stat:dir r_dir_perms; allow pixelstats_vendor sysfs_pixel_stat:file r_file_perms; - -userdebug_or_eng(` - allow pixelstats_vendor { proc_pressure_cpu proc_pressure_io proc_pressure_mem }:file r_file_perms; - allow pixelstats_vendor proc_vmstat:file r_file_perms; - allow pixelstats_vendor sysfs_ion:dir search; - allow pixelstats_vendor sysfs_ion:file r_file_perms; - allow pixelstats_vendor sysfs_dma_heap:dir search; - allow pixelstats_vendor sysfs_dma_heap:file r_file_perms; - allow pixelstats_vendor kernel:dir search; - allow pixelstats_vendor kernel:file r_file_perms; -') +allow pixelstats_vendor sysfs_zram:dir search; +allow pixelstats_vendor sysfs_zram:file r_file_perms; |