sdm660-common: sepolicy: Add permission to access proc_energy_aware file node

Energy aware feature control is previously done through debugfs, which will be deprecated, so move the control to sysctl. Added permisson for it, and removed the one unused. [ 1.460128] audit: type=1400 audit(2753763.033:8): avc: denied { write } for pid=537 comm="init" name="energy_aware" dev="proc" ino=21663 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 10-05 16:49:18.933 820 820 W NodeLooperThrea: type=1400 audit(0.0:1097): avc: denied { write } for name="energy_aware" dev="proc" ino=66567 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 10-05 17:00:15.726 822 822 W NodeLooperThrea: type=1400 audit(0.0:262): avc: denied { open } for path="/proc/sys/kernel/energy_aware" dev="proc" ino=51228 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0 Bug: 141333728 Test: function works as expected Change-Id: I2b4eda73bfa34824244e21d804b48eee49a71eae Signed-off-by: clarencelol <clarencekuiek@icloud.com> Signed-off-by: pix106 <sbordenave@gmail.com>
2021-11-04 23:38:20 +08:00 · 2021-11-04 23:38:20 +08:00 · 5183d7fb36
commit 5183d7fb36
parent c825b9bdb8
4 changed files with 6 additions and 0 deletions
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@ -22,6 +22,9 @@ type audio_socket, file_type;
 # Battery Saver
 type sysfs_battery_saver, fs_type, sysfs_type;

+# PowerHAL
+type proc_sched_energy_aware, proc_type, fs_type;
+
 # Powerstats
 type sysfs_iio_devices, fs_type, sysfs_type;
 type sysfs_power_stats, sysfs_type, fs_type;
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@ -54,6 +54,7 @@ genfscon sysfs /devices/platform/soc/soc:qcom,cpubw
 genfscon sysfs /devices/platform/soc/soc:qcom,mincpubw                                                                                               u:object_r:sysfs_devfreq:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu0                                                                                            u:object_r:sysfs_devfreq:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu4                                                                                            u:object_r:sysfs_devfreq:s0
+genfscon proc /sys/kernel/sched_energy_aware                                                                                                         u:object_r:proc_sched_energy_aware:s0

 # Powerstats
 genfscon sysfs /bus/iio/devices                                                                                                                        u:object_r:sysfs_iio_devices:s0
--- a/sepolicy/vendor/hal_power_default.te
+++ b/sepolicy/vendor/hal_power_default.te
@ -4,6 +4,7 @@ allow hal_power_default device_latency:chr_file rw_file_perms;
 allow hal_power_default sysfs_battery_saver:dir r_dir_perms;
 allow hal_power_default sysfs_battery_saver:file rw_file_perms;
 allow hal_power_default proc:{ file lnk_file } rw_file_perms;
+allow hal_power_default proc_sched_energy_aware:file rw_file_perms;
 allow hal_power_default { sysfs_devfreq sysfs_kgsl }:dir search;
 allow hal_power_default { sysfs_devfreq sysfs_kgsl }:{ file lnk_file } rw_file_perms;
 allow hal_power_default sysfs_devices_system_cpu:file rw_file_perms;
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@ -9,6 +9,7 @@ allow vendor_init {
 allow vendor_init tee_device:chr_file getattr;
 allow vendor_init persist_file:lnk_file read;
 allow vendor_init proc:file w_file_perms;
+allow vendor_init proc_sched_energy_aware:file w_file_perms;

 get_prop(vendor_init, hal_fingerprint_prop)