kernel metrics: add selinux policy for kernel metrics feature

Add selinux policy for modem_wakeup_ap, pcie_link_state, pcie_link_duration, pcie_link_stats, pcie_link_updown

Bug: 368510043

01-03 00:28:02.216   952   952 I binder:952_2: type=1400 audit(0.0:1550): avc:  denied  { read } for  name="modem_wakeup_ap" dev="sysfs" ino=146476 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902
01-03 00:28:02.216   952   952 I binder:952_2: type=1400 audit(0.0:1551): avc:  denied  { open } for  path="/sys/kernel/pixel_metrics/modem/modem_wakeup_ap" dev="sysfs" ino=146476 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902
01-03 00:28:02.216   952   952 I binder:952_2: type=1400 audit(0.0:1552): avc:  denied  { getattr } for  path="/sys/kernel/pixel_metrics/modem/modem_wakeup_ap" dev="sysfs" ino=146476 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902

01-03 00:36:43.740   988   988 I binder:988_2: type=1400 audit(0.0:970): avc:  denied  { read } for  name="pcie_link_state" dev="sysfs" ino=153493 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902
01-03 00:36:43.740   988   988 I binder:988_2: type=1400 audit(0.0:971): avc:  denied  { open } for  path="/sys/kernel/pixel_metrics/modem/pcie_link_state" dev="sysfs" ino=153493 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902
01-03 00:36:43.740   988   988 I binder:988_2: type=1400 audit(0.0:972): avc:  denied  { getattr } for  path="/sys/kernel/pixel_metrics/modem/pcie_link_state" dev="sysfs" ino=153493 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902

01-03 00:44:06.248  1001  1001 I binder:1001_2: type=1400 audit(0.0:1045): avc:  denied  { read } for  name="pcie_link_duration" dev="sysfs" ino=153542 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902
01-03 00:44:06.248  1001  1001 I binder:1001_2: type=1400 audit(0.0:1046): avc:  denied  { open } for  path="/sys/kernel/pixel_metrics/modem/pcie_link_duration" dev="sysfs" ino=153542 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902
01-03 00:44:06.248  1001  1001 I binder:1001_2: type=1400 audit(0.0:1047): avc:  denied  { getattr } for  path="/sys/kernel/pixel_metrics/modem/pcie_link_duration" dev="sysfs" ino=153542 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902

01-03 00:49:48.640   966   966 I binder:966_2: type=1400 audit(0.0:1124): avc:  denied  { read } for  name="pcie_link_stats" dev="sysfs" ino=153354 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902
01-03 00:49:48.640   966   966 I binder:966_2: type=1400 audit(0.0:1125): avc:  denied  { open } for  path="/sys/kernel/pixel_metrics/modem/pcie_link_stats" dev="sysfs" ino=153354 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902
01-03 00:49:48.640   966   966 I binder:966_2: type=1400 audit(0.0:1126): avc:  denied  { getattr } for  path="/sys/kernel/pixel_metrics/modem/pcie_link_stats" dev="sysfs" ino=153354 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902

01-03 00:58:31.152   945   945 I binder:945_2: type=1400 audit(0.0:973): avc:  denied  { read } for  name="pcie_link_updown" dev="sysfs" ino=153308 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902
01-03 00:58:31.152   945   945 I binder:945_2: type=1400 audit(0.0:974): avc:  denied  { open } for  path="/sys/kernel/pixel_metrics/modem/pcie_link_updown" dev="sysfs" ino=153308 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902
01-03 00:58:31.152   945   945 I binder:945_2: type=1400 audit(0.0:975): avc:  denied  { getattr } for  path="/sys/kernel/pixel_metrics/modem/pcie_link_updown" dev="sysfs" ino=153308 scontext=u:r:shared_modem_platform:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 bug=b/369735902

Flag: EXEMPT update sepolicy
Change-Id: I86908fccb65944a8bbc779b5bae38d08c1776c45
This commit is contained in:
Eileen Lai 2025-01-02 18:09:35 +00:00
parent a8634006fb
commit ca670f1106

View file

@ -1 +1,6 @@
genfscon sysfs /kernel/pixel_metrics/modem/modem_boot_duration u:object_r:sysfs_kernel_metrics:s0 genfscon sysfs /kernel/pixel_metrics/modem/modem_boot_duration u:object_r:sysfs_kernel_metrics:s0
genfscon sysfs /kernel/pixel_metrics/modem/modem_wakeup_ap u:object_r:sysfs_kernel_metrics:s0
genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_state u:object_r:sysfs_kernel_metrics:s0
genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_duration u:object_r:sysfs_kernel_metrics:s0
genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_stats u:object_r:sysfs_kernel_metrics:s0
genfscon sysfs /kernel/pixel_metrics/modem/pcie_link_updown u:object_r:sysfs_kernel_metrics:s0