Make /proc/sys/kernel/perf_event_max_sample_rate accessible to untrusted_app.

perf_event_max_sample_rate is needed to be read for native profiling, otherwise CTS test can fail on devices with kernel >= 4.4. Before this CL, the file is not readable from untrusted_app domain. This CL makes it readable from both shell domain and untrusted_app domain. Bug: http://b/35554543 Test: build and test on marlin. Change-Id: Id118e06e3c800b70a749ab112e07a4ec24bb5975

Make /proc/sys/kernel/perf_event_max_sample_rate accessible to untrusted_app.
5b15baeb · Yabin Cui · 2b291121 · 5b15baeb · 5b15baeb · 5b15baeb
Commit 5b15baeb authored 8 years ago by Yabin Cui
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -22,6 +22,7 @@ genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
 genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
+genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
 genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
 genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0

--- a/public/domain.te
+++ b/public/domain.te
@@ -118,6 +118,9 @@ allow domain proc_cpuinfo:file r_file_perms;
 # jemalloc needs to read /proc/sys/vm/overcommit_memory
 allow domain proc_overcommit_memory:file r_file_perms;
+# profiling needs to read /proc/sys/kernel/perf_event_max_sample_rate
+allow domain proc_perf:file r_file_perms;
 # toybox loads libselinux which stats /sys/fs/selinux/
 allow domain selinuxfs:dir search;
 allow domain selinuxfs:file getattr;

--- a/public/file.te
+++ b/public/file.te
@@ -18,6 +18,7 @@ type proc_iomem, fs_type;
 type proc_meminfo, fs_type;
 type proc_misc, fs_type;
 type proc_net, fs_type;
+type proc_perf, fs_type;
 type proc_stat, fs_type;
 type proc_sysrq, fs_type;
 type proc_timer, fs_type;