Add rule for lib_name access from perfhal

Adding new sysfs label and sepolcies for perfhal denials, related to lib_name access. CRs-Fixed: 2102404 Change-Id: Id6c89b34688fa5b172aba89166c25ba32206e6c3
2017-08-31 17:20:42 +05:30
parent d4dbdef6fb
commit 7c268994a7
3 changed files with 3 additions and 0 deletions
--- a/common/file.te
+++ b/common/file.te
@@ -98,6 +98,7 @@ type sysfs_scsi_host, fs_type, sysfs_type;
 type sysfs_cpu_boost, fs_type, sysfs_type;
 type sysfs_msm_perf, fs_type, sysfs_type;
 type sysfs_memory, fs_type, sysfs_type;
+type sysfs_lib, fs_type, sysfs_type;

 #define the files writer during the operation of app state changes
 type gamed_socket, file_type;
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -443,6 +443,7 @@
 /sys/module/lpm_stats(/.*)?                                         u:object_r:sysfs_msm_stats:s0
 /sys/module/lpm_levels(/.*)?                                        u:object_r:sysfs_msm_power:s0
 /sys/module/radio_iris_transport/parameters/fmsmd_set               u:object_r:sysfs_fm:s0
+/sys/module/app_setting/parameters/lib_name                         u:object_r:sysfs_lib:s0

 ###################################
 # data files
--- a/common/hal_perf_default.te
+++ b/common/hal_perf_default.te
@@ -46,6 +46,7 @@ allow hal_perf_default mpctl_data_file:dir rw_dir_perms;
 allow hal_perf_default mpctl_data_file:file create_file_perms;
 allow hal_perf_default lm_data_file:dir rw_dir_perms;
 allow hal_perf_default lm_data_file:file create_file_perms;
+allow hal_perf_default sysfs_lib:file w_file_perms;

 allow hal_perf {
    sysfs_devices_system_cpu