sepolicy: legacy: Allow changing priority of process from PerfHal.

As part of changing scheduling policy of a process given its pid, required the permissions mentioend. Change-Id: I00d2c49a6bbb9168cd192ce398bf26104f5ff09e
appdevwk · Jan 9, 2024 · 0ae9b3f · 0ae9b3f
1 parent 85387af
commit 0ae9b3f
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 0 deletions.
diff --git a/sepolicy/legacy/vendor/common/domain.te b/sepolicy/legacy/vendor/common/domain.te
@@ -65,6 +65,14 @@ neverallow {
     -vold
     } vendor_persist_type: { dir file } *;
 
+neverallow {
+    domain
+    -init
+    -dumpstate
+    -vendor_init
+    -vendor_hal_perf_default
+} vendor_procomp_prop:file *;
+
 allow { domain - coredomain } mnt_vendor_file:lnk_file r_file_perms;
 
 allowxperm domain domain:icmp_socket ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };

diff --git a/sepolicy/legacy/vendor/common/hal_perf_default.te b/sepolicy/legacy/vendor/common/hal_perf_default.te
@@ -113,6 +113,7 @@ hal_client_domain(vendor_hal_perf_default, vendor_hal_qspmhal);
 # Allow hal_perf to set property
 set_prop(vendor_hal_perf_default, vendor_mpctl_prop)
 set_prop(vendor_hal_perf_default, vendor_wlc_public_prop)
+set_prop(vendor_hal_perf_default, vendor_procomp_prop)
 
 #Allow Display Config access
 hal_client_domain(vendor_hal_perf_default, hal_graphics_composer);

diff --git a/sepolicy/legacy/vendor/common/property.te b/sepolicy/legacy/vendor/common/property.te
@@ -59,6 +59,7 @@ vendor_restricted_prop(vendor_bg_boot_complete_prop);
 vendor_restricted_prop(vendor_opengles_prop);
 vendor_internal_prop(vendor_mdm_helper_prop);
 vendor_restricted_prop(vendor_mpctl_prop);
+vendor_internal_prop(vendor_procomp_prop);
 vendor_restricted_prop(vendor_iop_prop);
 vendor_restricted_prop(vendor_public_vendor_default_prop);
 #Scroll Pre-obtain

diff --git a/sepolicy/legacy/vendor/common/property_contexts b/sepolicy/legacy/vendor/common/property_contexts
@@ -78,6 +78,8 @@ vendor.perf.cores_online   u:object_r:vendor_mpctl_prop:s0
 persist.vendor.qti.        u:object_r:vendor_mpctl_prop:s0
 ro.vendor.at_library       u:object_r:vendor_mpctl_prop:s0
 vendor.debug.trace.perf    u:object_r:vendor_mpctl_prop:s0
+vendor.change.cgroup                   u:object_r:vendor_procomp_prop:s0
+vendor.change.cgroup.for.pid           u:object_r:vendor_procomp_prop:s0
 vendor.iop.enable_uxe      u:object_r:vendor_iop_prop:s0
 vendor.perf.iop_v3.enable  u:object_r:vendor_iop_prop:s0
 vendor.perf.iop_v3.enable.debug u:object_r:vendor_iop_prop:s0

diff --git a/sepolicy/legacy/vendor/common/vendor_init.te b/sepolicy/legacy/vendor/common/vendor_init.te
@@ -74,6 +74,10 @@ set_prop(vendor_init, vendor_ipacm-diag_prop)
 set_prop(vendor_init, vendor_radio_prop)
 set_prop(vendor_init, vendor_am_prop)
 set_prop(vendor_init, vendor_mpctl_prop)
+get_prop(vendor_init, vendor_procomp_prop)
+allow vendor_init kernel:process setsched;
+allow vendor_init kernel:dir search;
+allow vendor_init kernel:file { open write };
 
 #Access vendor display properties
 set_prop(vendor_init, vendor_display_prop)