From 88ef20aa714ba6fdd2ac9500ddfcd1e5405b3a73 Mon Sep 17 00:00:00 2001
From: Chenbo Feng <fengc@google.com>
Date: Fri, 23 Mar 2018 16:01:10 -0700
Subject: [PATCH] Allow system server to access bpf fs

The permission to allow system_server to access sys/fs/bpf/ directory
is missing. Add it back so it can get the bpf maps from the bpf_fs.

Test: device boot and no more denial information of system_server try to
searcg in fs_bpf
      atest android.net.cts.TrafficStatsTest
Bug: 75285088

Change-Id: I1040cde6c038eccc4e91c69a10b20aa7a18b19f6
(cherry picked from aosp commit f83bbd17b27a4dee370a8a2c37eb9d029281037b)
---
 private/system_server.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/private/system_server.te b/private/system_server.te
index b0aa9b5aa..0c9067d67 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -756,6 +756,7 @@ with_asan(`
 
 # allow system_server to read the eBPF maps that stores the traffic stats information amd clean up
 # the map after snapshot is recorded
+allow system_server fs_bpf:dir search;
 allow system_server fs_bpf:file read;
 allow system_server netd:bpf map_read;
 
-- 
GitLab