diff options
| author | TreeHugger Robot <treehugger-gerrit@google.com> | 2021-08-19 20:50:37 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2021-08-19 20:50:37 +0000 |
| commit | d6c69e0e0a116ae4b242eef284475afd818c7f71 (patch) | |
| tree | 17906e3e280b29bf4920b3edbe3302b194f24240 /cpp/watchdog | |
| parent | 8e6dcb1363c00e0933be5ccfcd38d3a58394f81d (diff) | |
| parent | f2a852a404a2cef8bd553250b87cc1dadfe39608 (diff) | |
| download | Car-d6c69e0e0a116ae4b242eef284475afd818c7f71.tar.gz | |
Merge "Allow carwatchdogd to read/write from /data/system/car." into sc-v2-dev
Diffstat (limited to 'cpp/watchdog')
| -rw-r--r-- | cpp/watchdog/sepolicy/private/carwatchdog.te | 16 | ||||
| -rw-r--r-- | cpp/watchdog/sepolicy/public/carwatchdog.te | 4 |
2 files changed, 12 insertions, 8 deletions
diff --git a/cpp/watchdog/sepolicy/private/carwatchdog.te b/cpp/watchdog/sepolicy/private/carwatchdog.te index 91620f5b04..5b18ebf00b 100644 --- a/cpp/watchdog/sepolicy/private/carwatchdog.te +++ b/cpp/watchdog/sepolicy/private/carwatchdog.te @@ -1,4 +1,4 @@ -# Car watchdog server +# Car watchdog server. typeattribute carwatchdogd coredomain; typeattribute carwatchdogd mlstrustedsubject; @@ -9,22 +9,26 @@ add_service(carwatchdogd, carwatchdogd_service) binder_use(carwatchdogd) binder_service(carwatchdogd) -# Configration to communicate with VHAL +# Configration to communicate with VHAL. hwbinder_use(carwatchdogd) get_prop(carwatchdogd, hwservicemanager_prop) hal_client_domain(carwatchdogd, hal_vehicle) -# Scan through /proc/pid for all processes +# Scan through /proc/pid for all processes. r_dir_file(carwatchdogd, domain) -# Read /proc/uid_io/stats +# Read /proc/uid_io/stats. allow carwatchdogd proc_uid_io_stats:file r_file_perms; -# Read /proc/stat file +# Read /proc/stat file. allow carwatchdogd proc_stat:file r_file_perms; -# Read /proc/diskstats file +# Read /proc/diskstats file. allow carwatchdogd proc_diskstats:file r_file_perms; # List HALs to get pid of vehicle HAL. allow carwatchdogd hwservicemanager:hwservice_manager list; + +# R/W /data/system/car for resource overuse configurations. +allow carwatchdogd system_car_data_file:dir create_dir_perms; +allow carwatchdogd system_car_data_file:{ file lnk_file } create_file_perms; diff --git a/cpp/watchdog/sepolicy/public/carwatchdog.te b/cpp/watchdog/sepolicy/public/carwatchdog.te index 2cb9c5aff3..fd7ab3bc11 100644 --- a/cpp/watchdog/sepolicy/public/carwatchdog.te +++ b/cpp/watchdog/sepolicy/public/carwatchdog.te @@ -1,9 +1,9 @@ -# Car watchdog server +# Car watchdog server. type carwatchdogd, domain; binder_call(carwatchdogd, carwatchdogclient_domain) binder_call(carwatchdogclient_domain, carwatchdogd) -# Configuration for system_server +# Configuration for system_server. allow system_server carwatchdogd_service:service_manager find; binder_call(carwatchdogd, system_server) |