diff --git a/private/file_contexts b/private/file_contexts index ade74724b8bd637080093484b1034faf76000096..c96517e4fb6aa6063a4640290f341ab6fd58b5b9 100644 --- a/private/file_contexts +++ b/private/file_contexts @@ -452,83 +452,6 @@ # LocalTransport (backup) uses this subtree /data/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0 -############################# -# sysfs files -# -/sys/class/leds(/.*)? u:object_r:sysfs_leds:s0 -/sys/devices/platform/nfc-power/nfc_power -- u:object_r:sysfs_nfc_power_writable:s0 -/sys/devices/virtual/block/zram\d+(/.*)? u:object_r:sysfs_zram:s0 -/sys/devices/virtual/block/zram\d+/uevent u:object_r:sysfs_zram_uevent:s0 -/sys/devices/virtual/misc/hw_random(/.*)? u:object_r:sysfs_hwrandom:s0 -/sys/fs/ext4/features(/.*)? u:object_r:sysfs_fs_ext4_features:s0 -/sys/power/wake_lock -- u:object_r:sysfs_wake_lock:s0 -/sys/power/wake_unlock -- u:object_r:sysfs_wake_lock:s0 -/sys/kernel/uevent_helper -- u:object_r:usermodehelper:s0 -/sys/module/lowmemorykiller(/.*)? -- u:object_r:sysfs_lowmemorykiller:s0 -/sys/module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0 -/sys/devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0 - -############################# -# debugfs files -# -/sys/kernel/debug/mmc0(/.*)? u:object_r:debugfs_mmc:s0 - -############################# -# tracefs files -# -/sys/kernel(/debug)?/tracing/buffer_size_kb u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/binder/binder_locked/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/binder/binder_lock/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/binder/binder_transaction/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/binder/binder_transaction_received/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/binder/binder_unlock/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/cpufreq_interactive/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/power/clock_set_rate/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/power/cpu_frequency/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/power/cpu_frequency_limits/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/power/cpu_idle/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/sched/sched_blocked_reason/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/sched/sched_cpu_hotplug/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/sched/sched_switch/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/sched/sched_wakeup/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/vmscan/mm_vmscan_direct_reclaim_end/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/vmscan/mm_vmscan_kswapd_sleep/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/events/vmscan/mm_vmscan_kswapd_wake/enable u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/instances(/.*)? u:object_r:debugfs_tracing_instances:s0 -/sys/kernel(/debug)?/tracing/instances/wifi/free_buffer u:object_r:debugfs_wifi_tracing:s0 -/sys/kernel(/debug)?/tracing/instances/wifi/trace u:object_r:debugfs_wifi_tracing:s0 -/sys/kernel(/debug)?/tracing/instances/wifi/tracing_on u:object_r:debugfs_wifi_tracing:s0 -/sys/kernel(/debug)?/tracing/options/overwrite u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/options/print-tgid u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/trace u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/trace_clock u:object_r:tracing_shell_writable:s0 -/sys/kernel(/debug)?/tracing/trace_marker u:object_r:debugfs_trace_marker:s0 -/sys/kernel(/debug)?/tracing/tracing_on u:object_r:tracing_shell_writable:s0 - -########################################### -# debug-only tracing -# -/sys/kernel/debug/tracing/events/sync/enable u:object_r:tracing_shell_writable_debug:s0 -/sys/kernel/debug/tracing/events/workqueue/enable u:object_r:tracing_shell_writable_debug:s0 -/sys/kernel/debug/tracing/events/regulator/enable u:object_r:tracing_shell_writable_debug:s0 -/sys/kernel/debug/tracing/events/pagecache/enable u:object_r:tracing_shell_writable_debug:s0 - -/sys/kernel/debug/tracing/events/irq/enable u:object_r:tracing_shell_writable_debug:s0 -/sys/kernel/debug/tracing/events/ipi/enable u:object_r:tracing_shell_writable_debug:s0 - -/sys/kernel/debug/tracing/events/f2fs/f2fs_sync_file_enter/enable u:object_r:tracing_shell_writable_debug:s0 -/sys/kernel/debug/tracing/events/f2fs/f2fs_sync_file_exit/enable u:object_r:tracing_shell_writable_debug:s0 -/sys/kernel/debug/tracing/events/f2fs/f2fs_write_begin/enable u:object_r:tracing_shell_writable_debug:s0 -/sys/kernel/debug/tracing/events/f2fs/f2fs_write_end/enable u:object_r:tracing_shell_writable_debug:s0 -/sys/kernel/debug/tracing/events/ext4/ext4_da_write_begin/enable u:object_r:tracing_shell_writable_debug:s0 -/sys/kernel/debug/tracing/events/ext4/ext4_da_write_end/enable u:object_r:tracing_shell_writable_debug:s0 -/sys/kernel/debug/tracing/events/ext4/ext4_sync_file_enter/enable u:object_r:tracing_shell_writable_debug:s0 -/sys/kernel/debug/tracing/events/ext4/ext4_sync_file_exit/enable u:object_r:tracing_shell_writable_debug:s0 -/sys/kernel/debug/tracing/events/block/block_rq_issue/enable u:object_r:tracing_shell_writable_debug:s0 -/sys/kernel/debug/tracing/events/block/block_rq_complete/enable u:object_r:tracing_shell_writable_debug:s0 -/sys/kernel/debug/tracing/saved_cmdlines_size u:object_r:tracing_shell_writable_debug:s0 - ############################# # asec containers /mnt/asec(/.*)? u:object_r:asec_apk_file:s0 diff --git a/private/genfs_contexts b/private/genfs_contexts index 26301ae034ccf7647fbe01bb025cb89b89d8690d..3914cec7d03874d625d69d837f38ddc9370bbfd0 100644 --- a/private/genfs_contexts +++ b/private/genfs_contexts @@ -49,6 +49,66 @@ genfscon cgroup / u:object_r:cgroup:s0 # sysfs labels can be set by userspace. genfscon sysfs / u:object_r:sysfs:s0 genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0 +genfscon sysfs /class/leds u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0 +genfscon sysfs /devices/virtual/block/zram0 u:object_r:sysfs_zram:s0 +genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0 +genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0 +genfscon sysfs /devices/virtual/block/zram1/uevent u:object_r:sysfs_zram_uevent:s0 +genfscon sysfs /devices/virtual/misc/hw_random u:object_r:sysfs_hwrandom:s0 +genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0 +genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0 +genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0 +genfscon sysfs /kernel/uevent_helper u:object_r:usermodehelper:s0 +genfscon sysfs /module/lowmemorykiller u:object_r:sysfs_lowmemorykiller:s0 +genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0 +genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0 + +genfscon debugfs /mmc0 u:object_r:debugfs_mmc:s0 +genfscon debugfs /tracing u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0 +genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0 +genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0 +genfscon tracefs /instances/wifi u:object_r:debugfs_wifi_tracing:s0 +genfscon debugfs /tracing/trace_marker u:object_r:debugfs_trace_marker:s0 +genfscon tracefs /trace_marker u:object_r:debugfs_trace_marker:s0 + +genfscon debugfs /tracing/events/sync/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/events/workqueue/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/events/regulator/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/events/pagecache/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/events/irq/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/events/ipi/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/events/f2fs/f2fs_write_begin/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/events/f2fs/f2fs_write_end/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/events/ext4/ext4_da_write_begin/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/events/ext4/ext4_da_write_end/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/events/ext4/ext4_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/events/ext4/ext4_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/events/block/block_rq_issue/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/events/block/block_rq_complete/enable u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/saved_cmdlines_size u:object_r:debugfs_tracing_debug:s0 + +genfscon tracefs /events/sync/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /events/workqueue/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /events/regulator/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /events/pagecache/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /events/irq/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /events/ipi/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /events/f2fs/f2fs_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /events/f2fs/f2fs_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /events/f2fs/f2fs_write_begin/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /events/f2fs/f2fs_write_end/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /events/ext4/ext4_da_write_begin/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /events/ext4/ext4_da_write_end/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /events/ext4/ext4_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /events/ext4/ext4_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /events/block/block_rq_issue/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /events/block/block_rq_complete/enable u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs /saved_cmdlines_size u:object_r:debugfs_tracing_debug:s0 + genfscon inotifyfs / u:object_r:inotify:s0 genfscon vfat / u:object_r:vfat:s0 genfscon debugfs / u:object_r:debugfs:s0 diff --git a/private/shell.te b/private/shell.te index 90bed27e7443f84f2862106f720a7c8261188af8..088682015e234534d14c7fc40bc0b362eb66136d 100644 --- a/private/shell.te +++ b/private/shell.te @@ -5,8 +5,8 @@ allow shell uhid_device:chr_file rw_file_perms; # systrace support - allow atrace to run allow shell debugfs_tracing:dir r_dir_perms; -allow shell debugfs_tracing:file r_file_perms; -allow shell tracing_shell_writable:file rw_file_perms; +allow shell debugfs_tracing:file rw_file_perms; + allow shell debugfs_trace_marker:file getattr; allow shell atrace_exec:file rx_file_perms; @@ -14,7 +14,7 @@ allow shell atrace_exec:file rx_file_perms; allow shell config_gz:file r_file_perms; userdebug_or_eng(` - allow shell tracing_shell_writable_debug:file rw_file_perms; + allow shell debugfs_tracing_debug:file rw_file_perms; ') # Run app_process. diff --git a/private/system_server.te b/private/system_server.te index dfe724e470f4440a57b8c0dd111f894cd06e5f75..72728c70418c35d9c0cd3fec83d47c5aebff7b60 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -685,6 +685,7 @@ allow system_server sysfs_leds:dir r_dir_perms; # Allow WifiService to start, stop, and read wifi-specific trace events. allow system_server debugfs_tracing_instances:dir search; +allow system_server debugfs_wifi_tracing:dir search; allow system_server debugfs_wifi_tracing:file rw_file_perms; # allow system_server to exec shell, asanwrapper & zygote(app_process) on ASAN builds. Needed to run diff --git a/public/file.te b/public/file.te index d85884b1bf4895c8c44528fd50f8b3b255f216b6..8388c3b5a041d3135d3d16e1fe8b015adcd2e3be 100644 --- a/public/file.te +++ b/public/file.te @@ -68,11 +68,9 @@ type debugfs, fs_type; type debugfs_mmc, fs_type, debugfs_type; type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject; type debugfs_tracing, fs_type, debugfs_type; +type debugfs_tracing_debug, fs_type, debugfs_type; type debugfs_tracing_instances, fs_type, debugfs_type; type debugfs_wifi_tracing, fs_type, debugfs_type; -type tracing_shell_writable, fs_type, debugfs_type; -type tracing_shell_writable_debug, fs_type, debugfs_type; - type pstorefs, fs_type; type functionfs, fs_type, mlstrustedobject; type oemfs, fs_type, contextmount_type; diff --git a/public/init.te b/public/init.te index 0e9c7695be62a0206f05535b2ae3dc9f869a5c97..a007fc2742f39bcdd46b37c831d482b5ca83028e 100644 --- a/public/init.te +++ b/public/init.te @@ -193,7 +193,7 @@ allow init dev_type:dir create_dir_perms; allow init dev_type:lnk_file create; # Disable tracing by writing to /sys/kernel/debug/tracing/tracing_on -allow init tracing_shell_writable:file w_file_perms; +allow init debugfs_tracing:file w_file_perms; # Setup and control wifi event tracing (see wifi-events.rc) allow init debugfs_tracing_instances:dir create_dir_perms;