diff options
| author | Lakshman Annadorai <lakshmana@google.com> | 2021-07-23 18:03:18 +0000 |
|---|---|---|
| committer | Lakshman Annadorai <lakshmana@google.com> | 2021-08-12 19:22:06 +0000 |
| commit | f2a852a404a2cef8bd553250b87cc1dadfe39608 (patch) | |
| tree | 5d2007335a65163903a0c5deca08fcaaa84a424e /cpp/watchdog | |
| parent | 52b4af5d0f9f8fefca58ae0497cb3c3972e79f71 (diff) | |
| download | Car-f2a852a404a2cef8bd553250b87cc1dadfe39608.tar.gz | |
Allow carwatchdogd to read/write from /data/system/car.
On init, carwatchdogd reads the resource overuse configurations from
the /data/system/car/watchdog directory.
On each config update, carwatchdogd writes the resource overuse
configurations to the /data/system/car/watchdog directory.
Test: No seplicy violations
Fixes: 193181896
Change-Id: Ie5cf9d08963a50c380e76cce68ef30f8de5d7c3c
Diffstat (limited to 'cpp/watchdog')
| -rw-r--r-- | cpp/watchdog/sepolicy/private/carwatchdog.te | 16 | ||||
| -rw-r--r-- | cpp/watchdog/sepolicy/public/carwatchdog.te | 4 |
2 files changed, 12 insertions, 8 deletions
diff --git a/cpp/watchdog/sepolicy/private/carwatchdog.te b/cpp/watchdog/sepolicy/private/carwatchdog.te index 91620f5b04..5b18ebf00b 100644 --- a/cpp/watchdog/sepolicy/private/carwatchdog.te +++ b/cpp/watchdog/sepolicy/private/carwatchdog.te @@ -1,4 +1,4 @@ -# Car watchdog server +# Car watchdog server. typeattribute carwatchdogd coredomain; typeattribute carwatchdogd mlstrustedsubject; @@ -9,22 +9,26 @@ add_service(carwatchdogd, carwatchdogd_service) binder_use(carwatchdogd) binder_service(carwatchdogd) -# Configration to communicate with VHAL +# Configration to communicate with VHAL. hwbinder_use(carwatchdogd) get_prop(carwatchdogd, hwservicemanager_prop) hal_client_domain(carwatchdogd, hal_vehicle) -# Scan through /proc/pid for all processes +# Scan through /proc/pid for all processes. r_dir_file(carwatchdogd, domain) -# Read /proc/uid_io/stats +# Read /proc/uid_io/stats. allow carwatchdogd proc_uid_io_stats:file r_file_perms; -# Read /proc/stat file +# Read /proc/stat file. allow carwatchdogd proc_stat:file r_file_perms; -# Read /proc/diskstats file +# Read /proc/diskstats file. allow carwatchdogd proc_diskstats:file r_file_perms; # List HALs to get pid of vehicle HAL. allow carwatchdogd hwservicemanager:hwservice_manager list; + +# R/W /data/system/car for resource overuse configurations. +allow carwatchdogd system_car_data_file:dir create_dir_perms; +allow carwatchdogd system_car_data_file:{ file lnk_file } create_file_perms; diff --git a/cpp/watchdog/sepolicy/public/carwatchdog.te b/cpp/watchdog/sepolicy/public/carwatchdog.te index 2cb9c5aff3..fd7ab3bc11 100644 --- a/cpp/watchdog/sepolicy/public/carwatchdog.te +++ b/cpp/watchdog/sepolicy/public/carwatchdog.te @@ -1,9 +1,9 @@ -# Car watchdog server +# Car watchdog server. type carwatchdogd, domain; binder_call(carwatchdogd, carwatchdogclient_domain) binder_call(carwatchdogclient_domain, carwatchdogd) -# Configuration for system_server +# Configuration for system_server. allow system_server carwatchdogd_service:service_manager find; binder_call(carwatchdogd, system_server) |