From 1124aeaf32e10b9904a184b9283a8c2621bfb458 Mon Sep 17 00:00:00 2001 From: Kyle Lin Date: Mon, 10 May 2021 16:09:22 +0800 Subject: [PATCH] Add policy for memlat governor needs create/delete perf events [ 31.756984] type=1400 audit(1620144320.436:11): avc: denied { perfmon } for comm="cpuhp/4" capability=38 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability2 permissive=0 [ 31.757246] type=1400 audit(1620144320.436:12): avc: denied { sys_admin } for comm="cpuhp/4" capability=21 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability permissive=0 [ 31.757352] type=1400 audit(1620144320.436:13): avc: denied { perfmon } for comm="cpuhp/4" capability=38 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability2 permissive=0 [ 31.757450] type=1400 audit(1620144320.436:14): avc: denied { sys_admin } for comm="cpuhp/4" capability=21 scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability permissive=0 ... ... [ 215.584932] type=1400 audit(1620634018.936:191): avc: denied { cpu } for comm="cpuhp/4" scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=perf_event permissive=0 Bug: 187437491 Bug: 170479743 Test: build, boot and suspend/resume test 200 times. Change-Id: I4fd3d3fb915ca518ffa226f25298c94faaf867f1 --- whitechapel/vendor/google/kernel.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/whitechapel/vendor/google/kernel.te b/whitechapel/vendor/google/kernel.te index cab39fb5..0156784e 100644 --- a/whitechapel/vendor/google/kernel.te +++ b/whitechapel/vendor/google/kernel.te @@ -3,3 +3,7 @@ allow kernel vendor_fw_file:file r_file_perms; # ZRam allow kernel per_boot_file:file r_file_perms; + +# memlat needs permision to create/delete perf events when hotplug on/off +allow kernel self:capability2 perfmon; +allow kernel self:perf_event cpu;
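Review bot: In the new block after the ZRam rule in kernel.te, the comment should say why only two of the three denied permissions from the commit message are allowed. The log shows denials for perfmon (capability2), sys_admin (capability) and cpu (perf_event), while the hunk adds `allow kernel self:capability2 perfmon;` and `allow kernel self:perf_event cpu;` and nothing for sys_admin. If leaving sys_admin out is deliberate, to keep the kernel domain at the narrower capability, state that in the comment so a later reader who sees the remaining sys_admin denial does not add the broader grant. The Test: line should also confirm that the perf events are actually created across hotplug with these two rules alone. Minor: "permision" in the added comment should be "permission".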