Commit 756dd574 authored by Chenbo Feng

sepolicy: Allow system server to r/w the bpf maps

The system server is responsible for providing the network traffic
stats to Apps and services. Allowing it to directly read the eBPF maps
that store this information can make the process of getting traffic
stats simpler.

Test: No selinux rule violation of system server reading netd bpf object
Bug: 30950746
Change-Id: I6d9438d1ed7c9bab45a708f5d2a85eb22f5e8170
parent 08f92f9c
...@@ -725,6 +725,11 @@ with_asan(` ...@@ -725,6 +725,11 @@ with_asan(`
allow system_server zygote_exec:file rx_file_perms; allow system_server zygote_exec:file rx_file_perms;
') ')
# allow system_server to read the eBPF maps that stores the traffic stats information amd clean up
# the map after snapshot is recorded
allow system_server fs_bpf:file write;
allow system_server netd:bpf { map_read map_write };
# ART Profiles. # ART Profiles.
# Allow system_server to open profile snapshots for read. # Allow system_server to open profile snapshots for read.
# System server never reads the actual content. It passes the descriptor to # System server never reads the actual content. It passes the descriptor to
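Review bot: The two added rules do not line up with the comment above them or with each other. `allow system_server fs_bpf:file write;` grants only `write` on the pinned-object files, while the comment says system_server reads the maps and the `netd:bpf` rule grants both `map_read` and `map_write`. Either add a line to the comment explaining why `write` alone on `fs_bpf:file` is enough for the read path, or grant the permission the read actually needs. Separately, `map_write` on `netd:bpf` applies to every map netd creates, not only the traffic stats maps, so the comment should say that write access is needed solely for clearing the stats map after a snapshot, which lets a later reader judge whether the grant can be narrowed. Small fixes in the comment itself: "amd" should be "and", and "stores" should be "store".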