commit 53065d6aa885e2b3ee4c3f8128ba9607fa8d98a1
author Suren Baghdasaryan <surenb@google.com> Thu May 10 15:36:59 2018 -0700
committer Suren Baghdasaryan <surenb@google.com> Wed Mar 13 10:00:37 2019 -0700
tree 64223c1f8acf5e12018477eb59ba98d3ecf54649
parent 20fe557ec57c057fef4bc96394ca6aff9571c587

sepolicy: Allow lmkd access to psi procfs nodes

Lmkd needs read access to /proc/pressure/memory, proc/pressure/cpu
and proc/pressure/io nodes to read current psi levels.
Lmkd needs write access to /proc/pressure/memory to set psi monitor
triggers.

Bug: 111308141
Test: modified lmkd to use PSI and tested using lmkd_unit_test

Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Merged-In: I9efd60c7fbb89cc08938fa5119b13d794813b52b
Change-Id: I9efd60c7fbb89cc08938fa5119b13d794813b52b

private/compat/26.0/26.0.cil

diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index abd5fc3..1e21719 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -481,6 +481,9 @@
     proc_panic
     proc_pid_max
     proc_pipe_conf
+    proc_pressure_cpu
+    proc_pressure_io
+    proc_pressure_mem
     proc_random
     proc_sched
     proc_slabinfo

private/compat/27.0/27.0.cil

diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index 8bc2ca6..078d608 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -1196,6 +1196,9 @@
     proc_panic
     proc_pid_max
     proc_pipe_conf
+    proc_pressure_cpu
+    proc_pressure_io
+    proc_pressure_mem
     proc_random
     proc_sched
     proc_slabinfo

private/compat/28.0/28.0.cil

diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 18604bc..77c215c 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1378,6 +1378,9 @@
 (typeattributeset proc_28_0
   ( proc
     proc_keys
+    proc_pressure_cpu
+    proc_pressure_io
+    proc_pressure_mem
     proc_slabinfo))
 (typeattributeset proc_abi_28_0 (proc_abi))
 (typeattributeset proc_asound_28_0 (proc_asound))

private/genfs_contexts

diff --git a/private/genfs_contexts b/private/genfs_contexts
index 9eeb43a..070559f 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -24,6 +24,9 @@
 genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
 genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
+genfscon proc /pressure/cpu u:object_r:proc_pressure_cpu:s0
+genfscon proc /pressure/io u:object_r:proc_pressure_io:s0
+genfscon proc /pressure/memory u:object_r:proc_pressure_mem:s0
 genfscon proc /slabinfo u:object_r:proc_slabinfo:s0
 genfscon proc /softirqs u:object_r:proc_timer:s0
 genfscon proc /stat u:object_r:proc_stat:s0

public/file.te

diff --git a/public/file.te b/public/file.te
index 256bca5..a2d1967 100644
--- a/public/file.te
+++ b/public/file.te
@@ -44,6 +44,9 @@
 type proc_perf, fs_type, proc_type;
 type proc_pid_max, fs_type, proc_type;
 type proc_pipe_conf, fs_type, proc_type;
+type proc_pressure_cpu, fs_type, proc_type;
+type proc_pressure_io, fs_type, proc_type;
+type proc_pressure_mem, fs_type, proc_type;
 type proc_random, fs_type, proc_type;
 type proc_sched, fs_type, proc_type;
 type proc_slabinfo, fs_type, proc_type;

public/lmkd.te

diff --git a/public/lmkd.te b/public/lmkd.te
index cd23701..518fb8f 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -49,6 +49,13 @@
 # Read /proc/meminfo
 allow lmkd proc_meminfo:file r_file_perms;
 
+# Read /proc/pressure/cpu and /proc/pressure/io
+allow lmkd proc_pressure_cpu:file r_file_perms;
+allow lmkd proc_pressure_io:file r_file_perms;
+
+# Read/Write /proc/pressure/memory
+allow lmkd proc_pressure_mem:file rw_file_perms;
+
 # Allow lmkd to write to statsd.
 unix_socket_send(lmkd, statsdw, statsd)