sdm710-common: sepolicy: Allow init to write to proc

01-01 02:13:02.803   344   344 I hwservicemanager: Since android.hardware.keymaster@3.0::IKeymasterDevice/default is not registered, trying to start it as a lazy HAL.
01-01 02:13:02.804   371   371 I HidlServiceManagement: getService: Trying again for android.hardware.keymaster@3.0::IKeymasterDevice/default...
01-01 02:13:02.930     1     1 I init    : type=1400 audit(0.0:37): avc: denied { write } for name="dirty_background_bytes" dev="proc" ino=12937 scontext=u:r:init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1
01-01 02:13:02.953     1     1 I init    : type=1400 audit(0.0:38): avc: denied { write } for name="discard_max_bytes" dev="sysfs" ino=20778 scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
01-01 02:13:02.953     1     1 I init    : type=1400 audit(0.0:39): avc: denied { open } for path="/sys/devices/soc.0/f9824900.sdhci/mmc_host/mmc0/mmc0:0001/block/mmcblk0/queue/discard_max_bytes" dev="sysfs" ino=20778 scontext=u:r:init:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

Change-Id: I0283d0744619d82867318879152cd6fbfca094aa

BoardConfigCommon.mk

@@ -101,6 +101,7 @@ BOARD_SUPER_PARTITION_BLOCK_DEVICES := vendor system
 BOARD_SUPER_PARTITION_METADATA_DEVICE := system
 BOARD_SUPER_PARTITION_VENDOR_DEVICE_SIZE := 1073741824
 BOARD_SUPER_PARTITION_SYSTEM_DEVICE_SIZE := 5368709120
+BOARD_SYSTEMIMAGE_PARTITION_RESERVED_SIZE := 500019200
 BOARD_SUPER_PARTITION_SIZE := $(shell expr $(BOARD_SUPER_PARTITION_VENDOR_DEVICE_SIZE) + $(BOARD_SUPER_PARTITION_SYSTEM_DEVICE_SIZE) )
 
 BOARD_SUPER_PARTITION_GROUPS := lenovo710_dynpart

rootdir/etc/fstab.qcom

@@ -6,13 +6,14 @@
 # Currently we dont have e2fsck compiled. So fs check would failed.
 
 #<src>                                                 <mnt_point>               <type>  <mnt_flags and options>                            <fs_mgr_flags>
-system                                                  /system                  ext4    ro                                                 wait,logical,first_stage_mount
+system                                                  /system                  ext4    ro,barrier=1,discard                               wait,logical,first_stage_mount
-system_ext                                              /system_ext              ext4    ro                                                 wait,logical,first_stage_mount
+system_ext                                              /system_ext              ext4    ro,barrier=1,discard                               wait,logical,first_stage_mount
-product                                                 /product                 ext4    ro                                                 wait,logical,first_stage_mount
+product                                                 /product                 ext4    ro,barrier=1,discard                               wait,logical,first_stage_mount
-vendor                                                  /vendor                  ext4    ro                                                 wait,logical,first_stage_mount
+vendor                                                  /vendor                  ext4    ro,barrier=1,discard                               wait,logical,first_stage_mount
-odm                                                     /odm                     ext4    ro                                                 wait,logical,first_stage_mount
+odm                                                     /odm                     ext4    ro,barrier=1,discard                               wait,logical,first_stage_mount
+/dev/block/bootdevice/by-name/recovery                  /recovery                emmc    defaults                                           defaults
 /dev/block/bootdevice/by-name/boot                      /boot                    emmc    defaults                                           defaults
-/dev/block/bootdevice/by-name/logdump                   /metadata                ext4    nosuid,nodev,noatime,discard                       wait,check,formattable,first_stage_mount
+/dev/block/by-name/logdump                              /metadata                ext4    nosuid,nodev,noatime,discard                       wait,check,formattable,first_stage_mount
 /dev/block/bootdevice/by-name/userdata                  /data                    ext4    noatime,nosuid,noatime,nodev,barrier=1,noauto_da_alloc,discard,lazytime       latemount,wait,check,fileencryption=ice,reservedsize=128M
 /dev/block/bootdevice/by-name/cache                     /cache                   ext4    nosuid,noatime,nodev,barrier=1                               wait
 /devices/platform/soc/8804000.sdhci/mmc_host*           /storage/sdcard1         vfat    nosuid,nodev                                         wait,voldmanaged=sdcard1:auto,encryptable=footer

rootdir/etc/init.target.rc

@@ -96,12 +96,6 @@ on boot
     write /dev/cpuset/background/cpus 0-7
     write /dev/cpuset/system-background/cpus 0-7
 
-    # Allow system to manipulate KProfiles modes and parameters
-    chown system system /sys/module/kprofiles/parameters/auto_kprofiles
-    chmod 0660 /sys/module/kprofiles/parameters/auto_kprofiles
-    chown system system /sys/module/kprofiles/parameters/kp_mode
-    chmod 0660 /sys/module/kprofiles/parameters/kp_mode
-
 ####Regionalization config and prop files####
     chmod 0644 /persist/speccfg/spec
     chmod 0644 /persist/speccfg/devicetype

sdm710.mk

@@ -279,10 +279,6 @@ PRODUCT_PACKAGES += \
     vendor.lineage.livedisplay@2.0-service-sdm
 endif
 
-# KProfiles
-PRODUCT_PACKAGES += \
-    KProfiles
-
 # Media
 PRODUCT_PACKAGES += \
     libavservices_minijail \

sepolicy/private/init.te

@@ -0,0 +1 @@
+allow init proc:file write;

sepolicy/vendor/file.te

@@ -10,6 +10,3 @@ type sysfs_msm_subsys, sysfs_type, fs_type;
 type sysfs_rpm, sysfs_type, fs_type;
 type sysfs_system_sleep_stats, sysfs_type, fs_type;
 type sysfs_tp, fs_type, sysfs_type;
-
-# KProfiles
-type sysfs_kprofiles, sysfs_type, fs_type;

sepolicy/vendor/file_contexts

@@ -31,3 +31,7 @@
 # Block devices
 /dev/block/platform/soc/7c4000\.sdhci/by-name/system     u:object_r:system_block_device:s0
 /dev/block/platform/soc/7c4000\.sdhci/by-name/vendor     u:object_r:system_block_device:s0
+/dev/block/platform/soc/7c4000\.sdhci/by-name/logdump    u:object_r:metadata_block_device:s0
+
+# MMC
+/sys/devices/platform/soc/7c4000.sdhci/mmc_host/mmc0/mmc0:0001/block/mmcblk0/queue/discard_max_bytes u:object_r:sysfs_mmc_host:s0

sepolicy/vendor/fsck.te

@@ -0,0 +1 @@
+allow fsck fsck:capability kill;

sepolicy/vendor/genfs_contexts

@@ -7,10 +7,6 @@ genfscon proc /sys/kernel/sched_boost                 u:object_r:proc_sysctl_sch
 # DT2W
 genfscon sysfs /devices/virtual/touch/tp_dev/gesture_on u:object_r:sysfs_tp:s0
 
-# KProfiles
-genfscon sysfs /module/kprofiles/parameters/auto_kprofiles u:object_r:sysfs_kprofiles:s0
-genfscon sysfs /module/kprofiles/parameters/kp_mode u:object_r:sysfs_kprofiles:s0
-
 # Graphics
 genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon1/name                                                          u:object_r:sysfs_graphics:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,msm-ext-disp/extcon/extcon2/name                                                          u:object_r:sysfs_graphics:s0

sepolicy/vendor/init.te

@@ -1,6 +1,6 @@
+get_prop(init, exported_default_prop)
+allow init logdump_partition:lnk_file relabelto;
+
 allow init self:netlink_route_socket rw_socket_perms_no_ioctl;
 allow init self:rawip_socket create_socket_perms_no_ioctl;
 allow init socket_device:sock_file { unlink setattr create };
-
-# Allow init to set attribute to sysfs_kprofiles
-allow init sysfs_kprofiles:file { setattr };

sepolicy/vendor/system_app.te

@@ -1,4 +1 @@
-# Allow KProfiles to be adjusted by a system app
-allow system_app sysfs_kprofiles:file rw_file_perms;
-
 allow system_app zygote:unix_stream_socket getopt;