From ca670f1106e1af2dc930aea083a2c48d3c9be569 Mon Sep 17 00:00:00 2001 
From: Eileen Lai Date: Thu, 2 Jan 2025 18:09:35 +0000 Subject: [PATCH] kernel metrics: add selinux policy for kernel metrics feature Add selinux policy for modem_wakeup_ap, pcie_link_state, pcie_link_duration, pcie_link_stats, pcie_link_updown Bug: 368510043 01-03 00:28:02.216 952 952 I binder:952_2: type=1400 audit(0.0:1550): avc: denied { read } for name="modem_wakeup_ap" dev="sysfs" ino=146476 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902 01-03 00:28:02.216 952 952 I binder:952_2: type=1400 audit(0.0:1551): avc: denied { open } for path="/sys/kernel/pixel_metrics/modem/modem_wakeup_ap" dev="sysfs" ino=146476 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902 01-03 00:28:02.216 952 952 I binder:952_2: type=1400 audit(0.0:1552): avc: denied { getattr } for path="/sys/kernel/pixel_metrics/modem/modem_wakeup_ap" dev="sysfs" ino=146476 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902 01-03 00:36:43.740 988 988 I binder:988_2: type=1400 audit(0.0:970): avc: denied { read } for name="pcie_link_state" dev="sysfs" ino=153493 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902 01-03 00:36:43.740 988 988 I binder:988_2: type=1400 audit(0.0:971): avc: denied { open } for path="/sys/kernel/pixel_metrics/modem/pcie_link_state" dev="sysfs" ino=153493 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902 01-03 00:36:43.740 988 988 I binder:988_2: type=1400 audit(0.0:972): avc: denied { getattr } for path="/sys/kernel/pixel_metrics/modem/pcie_link_state" dev="sysfs" ino=153493 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902 01-03 00:44:06.248 1001 1001 I binder:1001_2: type=1400 audit(0.0:1045): avc: denied { read } for 
name="pcie_link_duration" dev="sysfs" ino=153542 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902 01-03 00:44:06.248 1001 1001 I binder:1001_2: type=1400 audit(0.0:1046): avc: denied { open } for path="/sys/kernel/pixel_metrics/modem/pcie_link_duration" dev="sysfs" ino=153542 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902 01-03 00:44:06.248 1001 1001 I binder:1001_2: type=1400 audit(0.0:1047): avc: denied { getattr } for path="/sys/kernel/pixel_metrics/modem/pcie_link_duration" dev="sysfs" ino=153542 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902 01-03 00:49:48.640 966 966 I binder:966_2: type=1400 audit(0.0:1124): avc: denied { read } for name="pcie_link_stats" dev="sysfs" ino=153354 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902 01-03 00:49:48.640 966 966 I binder:966_2: type=1400 audit(0.0:1125): avc: denied { open } for path="/sys/kernel/pixel_metrics/modem/pcie_link_stats" dev="sysfs" ino=153354 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902 01-03 00:49:48.640 966 966 I binder:966_2: type=1400 audit(0.0:1126): avc: denied { getattr } for path="/sys/kernel/pixel_metrics/modem/pcie_link_stats" dev="sysfs" ino=153354 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902 01-03 00:58:31.152 945 945 I binder:945_2: type=1400 audit(0.0:973): avc: denied { read } for name="pcie_link_updown" dev="sysfs" ino=153308 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902 01-03 00:58:31.152 945 945 I binder:945_2: type=1400 audit(0.0:974): avc: denied { open } for path="/sys/kernel/pixel_metrics/modem/pcie_link_updown" dev="sysfs" ino=153308 
scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902 01-03 00:58:31.152 945 945 I binder:945_2: type=1400 audit(0.0:975): avc: denied { getattr } for path="/sys/kernel/pixel_metrics/modem/pcie_link_updown" dev="sysfs" ino=153308 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902 Flag: EXEMPT update sepolicy Change-Id: I86908fccb65944a8bbc779b5bae38d08c1776c45
---
modem/shared_modem_platform/sepolicy/genfs_contexts | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/modem/shared_modem_platform/sepolicy/genfs_contexts b/modem/shared_modem_platform/sepolicy/genfs_contexts
index 94b4ce0..3075e43 100644
--- a/modem/shared_modem_platform/sepolicy/genfs_contexts
+++ b/modem/shared_modem_platform/sepolicy/genfs_contexts
@@ -1 +1,6 @@
-genfscon sysfs /kernel/pixel_metrics/modem/modem_boot_duration u:object_r:sysfs_kernel_metrics:s0
+genfscon sysfs /kernel/pixel_metrics/modem/modem_boot_duration u:object_r:sysfs_kernel_metrics:s0
+genfscon sysfs /kernel/pixel_metrics/modem/modem_wakeup_ap u:object_r:sysfs_kernel_metrics:s0
+genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_state u:object_r:sysfs_kernel_metrics:s0
+genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_duration u:object_r:sysfs_kernel_metrics:s0
+genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_stats u:object_r:sysfs_kernel_metrics:s0
+genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_updown u:object_r:sysfs_kernel_metrics:s0
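Review bot: The five added `genfscon` lines place the modem wake-up and PCIe link nodes under the shared `sysfs_kernel_metrics` type, so any domain granted read on that type elsewhere in policy gains them too, not only `shared_modem_platform`. The allow rules for that type are outside this hunk, so the reader set should be checked against what these counters expose. Every denial quoted in the commit message carries `permissive=1`, so it does not show the reads succeeding under enforcement; a re-test in enforcing mode with no `avc: denied` left for these paths would confirm the labels take effect. A header comment would record the intent, for example `# pixel_metrics/modem nodes read by shared_modem_platform (b/368510043); visible to every reader of sysfs_kernel_metrics`.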