From a8634006fb1310c3a529c8f28e90a9908463b6bb Mon Sep 17 00:00:00 2001 From: Eileen Lai Date: Fri, 13 Dec 2024 01:07:09 -0800 Subject: [PATCH] kernel metrics: add selinux policy about modem_boot_duration for kernel metrics feature Bug: 368510043 12-13 23:10:00.604 993 993 I binder:993_2: type=1400 audit(0.0:327): avc: denied { read } for name="modem_boot_duration" dev="sysfs" ino=72272 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs_kernel_metrics:s0 tclass=file permissive=1 12-13 23:10:00.604 993 993 I binder:993_2: type=1400 audit(0.0:328): avc: denied { open } for path="/sys/kernel/pixel_metrics/modem/modem_boot_duration" dev="sysfs" ino=72272 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs_kernel_metrics:s0 tclass=file permissive=1 12-13 23:10:00.604 993 993 I binder:993_2: type=1400 audit(0.0:329): avc: denied { getattr } for path="/sys/kernel/pixel_metrics/modem/modem_boot_duration" dev="sysfs" ino=72272 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs_kernel_metrics:s0 tclass=file permissive=1 Flag: EXEMPT update sepolicy Change-Id: Id50146858f84d3716855b9010e95c7232c6accfa --- modem/shared_modem_platform/sepolicy/file.te | 2 ++ modem/shared_modem_platform/sepolicy/genfs_contexts | 1 + modem/shared_modem_platform/sepolicy/shared_modem_platform.te | 3 +++ 3 files changed, 6 insertions(+) create mode 100644 modem/shared_modem_platform/sepolicy/file.te create mode 100644 modem/shared_modem_platform/sepolicy/genfs_contexts
diff --git a/modem/shared_modem_platform/sepolicy/file.te b/modem/shared_modem_platform/sepolicy/file.te
new file mode 100644
index 0000000..0f9ce9a
--- /dev/null
+++ b/modem/shared_modem_platform/sepolicy/file.te
@@ -0,0 +1,2 @@
+# Define the type which declare in genfs_contexts
+type sysfs_kernel_metrics, sysfs_type, fs_type;
diff --git a/modem/shared_modem_platform/sepolicy/genfs_contexts b/modem/shared_modem_platform/sepolicy/genfs_contexts
new file mode 100644
index 0000000..94b4ce0
--- /dev/null
+++ b/modem/shared_modem_platform/sepolicy/genfs_contexts
@@ -0,0 +1 @@
+genfscon sysfs /kernel/pixel_metrics/modem/modem_boot_duration u:object_r:sysfs_kernel_metrics:s0
diff --git a/modem/shared_modem_platform/sepolicy/shared_modem_platform.te b/modem/shared_modem_platform/sepolicy/shared_modem_platform.te
index 7fc7a30..d3cabac 100644
--- a/modem/shared_modem_platform/sepolicy/shared_modem_platform.te
+++ b/modem/shared_modem_platform/sepolicy/shared_modem_platform.te
@@ -1,2 +1,5 @@
 # Shared modem platform will register the default instance of the AIDL ISharedModemPlatform hal.
 hal_server_domain(shared_modem_platform, hal_shared_modem_platform)
+
+allow shared_modem_platform sysfs_kernel_metrics:file r_file_perms;
+
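Review bot: The label `sysfs_kernel_metrics` reads as if it covered all of `/sys/kernel/pixel_metrics`, but this genfscon entry attaches it to the single `modem_boot_duration` node, while the allow rule in shared_modem_platform.te grants read on the type rather than on the path. Any later genfscon line that reuses the type will therefore become readable by `shared_modem_platform` without a policy change in that domain. The comment in file.te should state the intended scope, for example `# sysfs nodes under /sys/kernel/pixel_metrics/modem that shared_modem_platform may read`. The denials quoted in the commit message already show `tcontext=u:object_r:sysfs_kernel_metrics:s0`, so the label existed on the test build; whether the type is also declared in another policy directory cannot be seen from this patch and is worth ruling out, since a duplicate `type` declaration would break the policy build.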
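Review bot: The new `allow` rule carries no comment explaining why the HAL domain reads this sysfs node, and the denials quoted in the commit message were all captured with `permissive=1`, so they do not by themselves show the rule is sufficient once the domain is enforcing. A re-test in enforcing mode would confirm that no further denial appears, for example on the parent directories. `r_file_perms` grants more than the three logged permissions (read, open, getattr); it is the customary macro, but `{ getattr open read }` would match the log exactly if least privilege is the goal. I would add `# Read modem_boot_duration for kernel metrics (b/368510043)` above the rule and drop the trailing blank line the hunk adds at end of file.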