pixel-sepolicy: query MM Metrics in user buildHEADmastermain

* pixel-sepolicy:
    - allow pixelstats to query more MM Metrics in user build (some
      sysfs nodes: previously userdebug/eng builds only)
    - Add permission to read /proc/meminfo, /proc/stat

Test: local devices sysnode access test
Bug: 320418316
Change-Id: I8a74458be02d5c22e37c5a7d461c8e8498a8da9e
Signed-off-by: Robin Hsu <robinhsu@google.com>

1 files changed, 16 insertions, 13 deletions

diff --git a/pixelstats/pixelstats_vendor.te b/pixelstats/pixelstats_vendor.te
index d0850b1..5a90395 100644
--- a/pixelstats/pixelstats_vendor.te
+++ b/pixelstats/pixelstats_vendor.te
@@ -22,18 +22,21 @@ get_prop(pixelstats_vendor, smart_idle_maint_enabled_prop)
 allow pixelstats_vendor fwk_stats_service:service_manager find;
 binder_call(pixelstats_vendor, stats_service_server)
 
-allow pixelstats_vendor sysfs_zram:dir search;
-allow pixelstats_vendor sysfs_zram:file r_file_perms;
+# Pixel MM Metrics: (Atoms: PixelMmMetricsPerHour, PixelMmMetricsPerDay,
+#                    CmaStatus, CmaStatusExt, ZramBdStat, ZramMmStat)
+allow pixelstats_vendor kernel:dir search;
+allow pixelstats_vendor kernel:file r_file_perms;
+allow pixelstats_vendor proc_meminfo:file r_file_perms;
+allow pixelstats_vendor proc_pressure_cpu:file r_file_perms;
+allow pixelstats_vendor proc_pressure_io:file r_file_perms;
+allow pixelstats_vendor proc_pressure_mem:file r_file_perms;
+allow pixelstats_vendor proc_stat:file r_file_perms;
+allow pixelstats_vendor proc_vmstat:file r_file_perms;
+allow pixelstats_vendor sysfs_dma_heap:dir search;
+allow pixelstats_vendor sysfs_dma_heap:file r_file_perms;
+allow pixelstats_vendor sysfs_ion:dir search;
+allow pixelstats_vendor sysfs_ion:file r_file_perms;
 allow pixelstats_vendor sysfs_pixel_stat:dir r_dir_perms;
 allow pixelstats_vendor sysfs_pixel_stat:file r_file_perms;
-
-userdebug_or_eng(`
-  allow pixelstats_vendor { proc_pressure_cpu proc_pressure_io proc_pressure_mem }:file r_file_perms;
-  allow pixelstats_vendor proc_vmstat:file r_file_perms;
-  allow pixelstats_vendor sysfs_ion:dir search;
-  allow pixelstats_vendor sysfs_ion:file r_file_perms;
-  allow pixelstats_vendor sysfs_dma_heap:dir search;
-  allow pixelstats_vendor sysfs_dma_heap:file r_file_perms;
-  allow pixelstats_vendor kernel:dir search;
-  allow pixelstats_vendor kernel:file r_file_perms;
-')
+allow pixelstats_vendor sysfs_zram:dir search;
+allow pixelstats_vendor sysfs_zram:file r_file_perms;