From 5183d7fb363139803921b1d717363c44384defb5 Mon Sep 17 00:00:00 2001
From: Rick Yiu
Date: Thu, 4 Nov 2021 23:38:20 +0800
Subject: [PATCH] sdm660-common: sepolicy: Add permission to access proc_energy_aware file node

Energy aware feature control is previously done through debugfs, which will be deprecated, so move the control to sysctl. Added permisson for it, and removed the one unused.

[ 1.460128] audit: type=1400 audit(2753763.033:8): avc: denied { write } for pid=537 comm="init" name="energy_aware" dev="proc" ino=21663 scontext=u:r:vendor_init:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
10-05 16:49:18.933 820 820 W NodeLooperThrea: type=1400 audit(0.0:1097): avc: denied { write } for name="energy_aware" dev="proc" ino=66567 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
10-05 17:00:15.726 822 822 W NodeLooperThrea: type=1400 audit(0.0:262): avc: denied { open } for path="/proc/sys/kernel/energy_aware" dev="proc" ino=51228 scontext=u:r:hal_power_default:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0

Bug: 141333728
Test: function works as expected
Change-Id: I2b4eda73bfa34824244e21d804b48eee49a71eae
Signed-off-by: clarencelol
Signed-off-by: pix106
---
 sepolicy/vendor/file.te | 3 +++
 sepolicy/vendor/genfs_contexts | 1 +
 sepolicy/vendor/hal_power_default.te | 1 +
 sepolicy/vendor/vendor_init.te | 1 +
 4 files changed, 6 insertions(+)

diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index 653e109c..ca006cc3 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -22,6 +22,9 @@ type audio_socket, file_type;
 # Battery Saver
 type sysfs_battery_saver, fs_type, sysfs_type;
 
+# PowerHAL
+type proc_sched_energy_aware, proc_type, fs_type;
+
 # Powerstats
 type sysfs_iio_devices, fs_type, sysfs_type;
 type sysfs_power_stats, sysfs_type, fs_type;
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index e08b986f..52c6da76 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -54,6 +54,7 @@ genfscon sysfs /devices/platform/soc/soc:qcom,cpubw
 genfscon sysfs /devices/platform/soc/soc:qcom,mincpubw u:object_r:sysfs_devfreq:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu0 u:object_r:sysfs_devfreq:s0
 genfscon sysfs /devices/platform/soc/soc:qcom,memlat-cpu4 u:object_r:sysfs_devfreq:s0
+genfscon proc /sys/kernel/sched_energy_aware u:object_r:proc_sched_energy_aware:s0
 
 # Powerstats
 genfscon sysfs /bus/iio/devices u:object_r:sysfs_iio_devices:s0
diff --git a/sepolicy/vendor/hal_power_default.te b/sepolicy/vendor/hal_power_default.te
index ebbbc897..adc72bb1 100644
--- a/sepolicy/vendor/hal_power_default.te
+++ b/sepolicy/vendor/hal_power_default.te
@@ -4,6 +4,7 @@ allow hal_power_default device_latency:chr_file rw_file_perms;
 allow hal_power_default sysfs_battery_saver:dir r_dir_perms;
 allow hal_power_default sysfs_battery_saver:file rw_file_perms;
 allow hal_power_default proc:{ file lnk_file } rw_file_perms;
+allow hal_power_default proc_sched_energy_aware:file rw_file_perms;
 allow hal_power_default { sysfs_devfreq sysfs_kgsl }:dir search;
 allow hal_power_default { sysfs_devfreq sysfs_kgsl }:{ file lnk_file } rw_file_perms;
 allow hal_power_default sysfs_devices_system_cpu:file rw_file_perms;
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 882d1422..cbfd69c2 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -9,6 +9,7 @@ allow vendor_init {
 allow vendor_init tee_device:chr_file getattr;
 allow vendor_init persist_file:lnk_file read;
 allow vendor_init proc:file w_file_perms;
+allow vendor_init proc_sched_energy_aware:file w_file_perms;
 get_prop(vendor_init, hal_fingerprint_prop)
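Review bot: The path labelled by the added genfs_contexts line, `/sys/kernel/sched_energy_aware`, does not match the node named in the denials quoted in the commit message, which show `name="energy_aware"` and `path="/proc/sys/kernel/energy_aware"`. If this device's kernel exposes the sysctl under the name seen in those logs, the genfscon entry will not match it, the node keeps the generic `proc` label, and the new `proc_sched_energy_aware` rules in hal_power_default.te and vendor_init.te never take effect. Confirm which name the kernel actually exposes (for example with `ls -Z /proc/sys/kernel/` on a device) and say so in the description. The subject line also still says `proc_energy_aware` while the type declared in file.te is `proc_sched_energy_aware`.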
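Review bot: In hal_power_default.te the context line directly above the added rule, `allow hal_power_default proc:{ file lnk_file } rw_file_perms;`, still grants read and write on every file that carries the generic `proc` label, and vendor_init.te likewise keeps `allow vendor_init proc:file w_file_perms;`. A dedicated type only narrows access if those blanket grants are removed; as written the change adds permissions and removes none. The description says an unused permission was removed, yet the diffstat lists 6 insertions and no deletions, so that removal may have been lost when the patch was ported. Consider dropping the two generic `proc` rules in a follow-up, labelling any other nodes they still cover, and checking for new avc denials after boot.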