From 86d7d36fcfa70e384207e79c0e6ecdb1d6dc4fef Mon Sep 17 00:00:00 2001 From: Ziyi Cui Date: Thu, 17 Nov 2022 19:14:01 +0000 Subject: [PATCH 1/2] [ DO NOT MERGE ] gs101-sepolicy: pixelstats: enable pixelstats access to temp-residency-metrics enable pixelstats access to sysfs path Bug: 246799997 Test: Verified the existence of atom and correctness of atom stats Change-Id: If329f2a65ed4cf347bd57150c637d38312f3dcb1 Signed-off-by: Ziyi Cui --- whitechapel/vendor/google/file.te | 3 +++ whitechapel/vendor/google/genfs_contexts | 3 +++ whitechapel/vendor/google/pixelstats_vendor.te | 3 +++ 3 files changed, 9 insertions(+) diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te index 847499d1..48cb759d 100644 --- a/whitechapel/vendor/google/file.te +++ b/whitechapel/vendor/google/file.te @@ -213,6 +213,9 @@ type sysfs_trusty, sysfs_type, fs_type; # BootControl type sysfs_bootctl, sysfs_type, fs_type; +#vendor-metrics +type sysfs_vendor_metrics, fs_type, sysfs_type; + # Radio type radio_vendor_data_file, file_type, data_file_type; userdebug_or_eng(` diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts index 42ae9f93..9f2f3c89 100644 --- a/whitechapel/vendor/google/genfs_contexts +++ b/whitechapel/vendor/google/genfs_contexts @@ -551,6 +551,9 @@ genfscon sysfs /devices/platform/100b0000.G3D u:obje genfscon sysfs /devices/platform/100b0000.ISP u:object_r:sysfs_thermal:s0 genfscon sysfs /devices/platform/100b0000.TPU u:object_r:sysfs_thermal:s0 +#vendor-metrics +genfscon sysfs /kernel/metrics/temp_residency/temp_residency_all/stats u:object_r:sysfs_vendor_metrics:s0 + # Trusty genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 diff --git a/whitechapel/vendor/google/pixelstats_vendor.te b/whitechapel/vendor/google/pixelstats_vendor.te index f0cca685..eb255475 100644 --- a/whitechapel/vendor/google/pixelstats_vendor.te +++ b/whitechapel/vendor/google/pixelstats_vendor.te @@ -23,6 +23,9 @@ allow pixelstats_vendor fwk_sensor_hwservice:hwservice_manager find; # Batery history allow pixelstats_vendor battery_history_device:chr_file r_file_perms; +#vendor-metrics +r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) + # BCL allow pixelstats_vendor sysfs_bcl:dir search; allow pixelstats_vendor sysfs_bcl:file r_file_perms; From 713d3ebf052b474043a8d5f40ef0ac5b7f4ecb2b Mon Sep 17 00:00:00 2001 From: Ziyi Cui Date: Tue, 29 Nov 2022 10:55:04 -0800 Subject: [PATCH 2/2] gs101-sepolicy:dumpstate: allow dumpstate access sysfs_vendor_metrics Test: "adb bugreport" includes metrics capture. Bug: 246799997 Test: "adb bugreport" includes metrics capture. Change-Id: I48247f8378e52d15b264c37342dee5a938ba90a1 Signed-off-by: Ziyi Cui --- whitechapel/vendor/google/hal_dumpstate_default.te | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/whitechapel/vendor/google/hal_dumpstate_default.te b/whitechapel/vendor/google/hal_dumpstate_default.te index 28137c77..314546f2 100644 --- a/whitechapel/vendor/google/hal_dumpstate_default.te +++ b/whitechapel/vendor/google/hal_dumpstate_default.te @@ -143,6 +143,9 @@ userdebug_or_eng(` allow hal_dumpstate_default vendor_maxfg_debugfs:dir search; allow hal_dumpstate_default vendor_maxfg_debugfs:file r_file_perms; + allow hal_dumpstate_default sysfs_vendor_metrics:dir search; + allow hal_dumpstate_default sysfs_vendor_metrics:file r_file_perms; + allow hal_dumpstate_default vendor_charger_debugfs:dir r_dir_perms; allow hal_dumpstate_default vendor_charger_debugfs:file r_file_perms; @@ -173,6 +176,9 @@ dontaudit hal_dumpstate_default vendor_page_pinner_debugfs:file r_file_perms; dontaudit hal_dumpstate_default sysfs_pixel_stat:dir r_dir_perms; dontaudit hal_dumpstate_default sysfs_pixel_stat:file r_file_perms; +dontaudit hal_dumpstate_default sysfs_vendor_metrics:dir search; +dontaudit hal_dumpstate_default sysfs_vendor_metrics:file r_file_perms; + dontaudit hal_dumpstate_default vendor_dri_debugfs:file r_file_perms; dontaudit hal_dumpstate_default vendor_dri_debugfs:dir search;