Allow system_server to read all /proc files

system_server scans through /proc to keep track of process memory and CPU usage. It needs to do this for all processes, not just appdomain processes, to properly account for CPU and memory usage. Allow it. Addresses the following errors which have been showing up in logcat: W/ProcessCpuTracker(12159): Skipping unknown process pid 1 W/ProcessCpuTracker(12159): Skipping unknown process pid 2 W/ProcessCpuTracker(12159): Skipping unknown process pid 3 Bug: 15862412 Change-Id: I0a75314824404e060c6914c06a371f2ff2e80512

Allow system_server to read all /proc files
8c6552ac · Nick Kralevich · a1558be5 · 8c6552ac
Commit 8c6552ac authored 10 years ago by Nick Kralevich
--- a/system_server.te
+++ b/system_server.te
@@ -77,19 +77,14 @@ allow system_server appdomain:process { sigkill signal };
 allow system_server appdomain:process { getsched setsched };
 allow system_server mediaserver:process { getsched setsched };

-# Read /proc/pid data for apps.
-r_dir_file(system_server, appdomain)
+# Read /proc/pid data for all domains. This is used by ProcessCpuTracker
+# within system_server to keep track of memory and CPU usage for
+# all processes on the device.
+r_dir_file(system_server, domain)

 # Write to /proc/pid/oom_adj_score for apps.
 allow system_server appdomain:file write;

-# Silently deny access to any /proc/pid files other than
-# the ones allowed via allow rule.  Avoids filling the logs
-# with noise from /proc/pid traversals by ActivityManager,
-# CpuTracker, and possibly other system_server components.
-dontaudit system_server domain:dir r_dir_perms;
-dontaudit system_server domain:{ file lnk_file } r_file_perms;
-
 # Read/Write to /proc/net/xt_qtaguid/ctrl and and /dev/xt_qtaguid.
 allow system_server qtaguid_proc:file rw_file_perms;
 allow system_server qtaguid_device:chr_file rw_file_perms;