From 2c41fdac3207d6e2c67efda05e9e5761d577daa4 Mon Sep 17 00:00:00 2001
From: Piotr Klasa <pklasa@google.com>
Date: Thu, 5 Dec 2024 12:05:19 +0100
Subject: [PATCH] Add Proc Vendor Sched Sepolicy Fix

Bug: 361092565

Test: m atest && atest-dev com.google.android.selinux.pts.SELinuxTest#scanAvcDeniedLogRightAfterReboot
Test: adb shell dmesg | grep proc_vendor_sched ; adb logcat -d | grep proc_vendor_sched

Evidences

12-02 19:31:34.952   279   279 W init    : type=1400 audit(0.0:7): avc:  denied  { associate } for  name="uclamp_min" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0
12-02 19:31:34.956   279   279 W init    : type=1400 audit(0.0:8): avc:  denied  { associate } for  name="prefer_idle" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0
12-02 19:31:34.956   279   279 W init    : type=1400 audit(0.0:9): avc:  denied  { associate } for  name="uclamp_min" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0
12-02 19:31:34.956   279   279 W init    : type=1400 audit(0.0:10): avc:  denied  { associate } for  name="prefer_idle" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0
12-02 19:31:34.956   279   279 W init    : type=1400 audit(0.0:11): avc:  denied  { associate } for  name="uclamp_min" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0
12-02 19:31:34.956   279   279 W init    : type=1400 audit(0.0:12): avc:  denied  { associate } for  name="prefer_idle" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0
12-02 19:31:34.960   279   279 W init    : type=1400 audit(0.0:13): avc:  denied  { associate } for  name="prefer_idle" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0
12-02 19:31:34.960   279   279 W init    : type=1400 audit(0.0:14): avc:  denied  { associate } for  name="uclamp_min" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0
12-02 19:31:34.960   279   279 W init    : type=1400 audit(0.0:15): avc:  denied  { associate } for  name="prefer_idle" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0
12-02 19:31:34.960   279   279 W init    : type=1400 audit(0.0:16): avc:  denied  { associate } for  name="uclamp_min" scontext=u:object_r:proc_vendor_sched:s0 tcontext=u:object_r:proc:s0 tclass=filesystem permissive=0

Flag: EXEMPT bugfix
Change-Id: Iad58e23abc1a7e27c3f5f4130e50d7e4aa0b6cf8
---
 performance/sepolicy/proc_vendor_sched.te | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 performance/sepolicy/proc_vendor_sched.te

diff --git a/performance/sepolicy/proc_vendor_sched.te b/performance/sepolicy/proc_vendor_sched.te
new file mode 100644
index 0000000..dc78c75
--- /dev/null
+++ b/performance/sepolicy/proc_vendor_sched.te
@@ -0,0 +1,2 @@
+#Vendor Sched
+allow proc_vendor_sched proc:filesystem associate;