commit 022c0815f4fca33869bd7e279fcad2decfff416e
author Robin Hsu <robinhsu@google.com> Sun Apr 21 13:12:43 2024 +0000
committer Robin Hsu <robinhsu@google.com> Sun Apr 21 13:36:59 2024 +0000
tree 2346c12369b7a4ea5103b3a56f3ced66cd8136e6
parent c6f6a48eeaf26d1d1b934c64505aee620344f684

pixel-sepolicy: query MM Metrics in user build

* pixel-sepolicy:
    - allow pixelstats to query more MM Metrics in user build (some
      sysfs nodes: previously userdebug/eng builds only)
    - Add permission to read /proc/meminfo, /proc/stat

Test: local devices sysnode access test
Bug: 320418316
Change-Id: I8a74458be02d5c22e37c5a7d461c8e8498a8da9e
Signed-off-by: Robin Hsu <robinhsu@google.com>

pixelstats/pixelstats_vendor.te

diff --git a/pixelstats/pixelstats_vendor.te b/pixelstats/pixelstats_vendor.te
index d0850b1..5a90395 100644
--- a/pixelstats/pixelstats_vendor.te
+++ b/pixelstats/pixelstats_vendor.te
@@ -22,18 +22,21 @@
 allow pixelstats_vendor fwk_stats_service:service_manager find;
 binder_call(pixelstats_vendor, stats_service_server)
 
-allow pixelstats_vendor sysfs_zram:dir search;
-allow pixelstats_vendor sysfs_zram:file r_file_perms;
+# Pixel MM Metrics: (Atoms: PixelMmMetricsPerHour, PixelMmMetricsPerDay,
+#                    CmaStatus, CmaStatusExt, ZramBdStat, ZramMmStat)
+allow pixelstats_vendor kernel:dir search;
+allow pixelstats_vendor kernel:file r_file_perms;
+allow pixelstats_vendor proc_meminfo:file r_file_perms;
+allow pixelstats_vendor proc_pressure_cpu:file r_file_perms;
+allow pixelstats_vendor proc_pressure_io:file r_file_perms;
+allow pixelstats_vendor proc_pressure_mem:file r_file_perms;
+allow pixelstats_vendor proc_stat:file r_file_perms;
+allow pixelstats_vendor proc_vmstat:file r_file_perms;
+allow pixelstats_vendor sysfs_dma_heap:dir search;
+allow pixelstats_vendor sysfs_dma_heap:file r_file_perms;
+allow pixelstats_vendor sysfs_ion:dir search;
+allow pixelstats_vendor sysfs_ion:file r_file_perms;
 allow pixelstats_vendor sysfs_pixel_stat:dir r_dir_perms;
 allow pixelstats_vendor sysfs_pixel_stat:file r_file_perms;
-
-userdebug_or_eng(`
-  allow pixelstats_vendor { proc_pressure_cpu proc_pressure_io proc_pressure_mem }:file r_file_perms;
-  allow pixelstats_vendor proc_vmstat:file r_file_perms;
-  allow pixelstats_vendor sysfs_ion:dir search;
-  allow pixelstats_vendor sysfs_ion:file r_file_perms;
-  allow pixelstats_vendor sysfs_dma_heap:dir search;
-  allow pixelstats_vendor sysfs_dma_heap:file r_file_perms;
-  allow pixelstats_vendor kernel:dir search;
-  allow pixelstats_vendor kernel:file r_file_perms;
-')
+allow pixelstats_vendor sysfs_zram:dir search;
+allow pixelstats_vendor sysfs_zram:file r_file_perms;