system_server: allow writing to timerslack_ns

The only file in /proc/<pid>/ that is world writeable is /proc/<pid>/timerslack_ns so granting selinux write permission to a process's /proc/<pid>/ file only allows writing to timerslack_ns (unless the process is running as system UID). Addresses denials such as: avc: denied { write } for comm="Binder:1117_2" name="timerslack_ns" dev="proc" ino=27908 scontext=u:r:system_server:s0 tcontext=u:r:priv_app:s0 tclass=file permissive=1 Bug: 30675296 Test: build Change-Id: I2cee8ce73a0dc05d771881c36da2fde5411859fb

system_server: allow writing to timerslack_ns
5c41d40e · Jeff Vander Stoep · Jeffrey Vander Stoep · f1b06df3 · 5c41d40e
Commit 5c41d40e authored 7 years ago by Jeff Vander Stoep Committed by Jeffrey Vander Stoep 7 years ago
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -106,7 +106,9 @@ allow system_server hal_camera:process { getsched setsched };
 allow system_server mediaserver:process { getsched setsched };
 allow system_server bootanim:process { getsched setsched };

-# Allow system_server to write to cameraserver's /proc/<pid>/timerslack_ns
+# Allow system_server to write to /proc/<pid>/timerslack_ns
+allow system_server appdomain:file w_file_perms;
+allow system_server audioserver:file w_file_perms;
 allow system_server cameraserver:file w_file_perms;

 # Read /proc/pid data for all domains. This is used by ProcessCpuTracker