Merge "Allow system_server access to CMA sysfs nodes" into main

commit: 57ab5761ee5b8e619718ea4b97787f58e7c313bb [log] [tgz]
author: Isaac Manjarres <isaacmanjarres@google.com> Thu Jan 09 10:26:57 2025 -0800
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Jan 09 10:26:57 2025 -0800
tree: 84be12c78b57d0e22fb4a2b9d489f04297b7b2b9
parent: b017b3ff412769ea2f6f5ceb52bc3c0c14c5cffc [diff]
parent: df505fe698832ccc4d91bbf61bb416941831d84a [diff]
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 40a2936..91ca88f 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil

@@ -23,6 +23,7 @@
     profcollectd_etr_prop
     ranging_service
     supervision_service
+    sysfs_cma
     sysfs_firmware_acpi_tables
     tee_service_contexts_file
     trusty_security_vm_sys_vendor_prop

diff --git a/private/genfs_contexts b/private/genfs_contexts
index 62d6c1a..a872a04 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts

@@ -169,6 +169,9 @@
 genfscon sysfs /kernel/dma_heap u:object_r:sysfs_dma_heap:s0
 genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0
 genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
+starting_at_board_api(202504, `
+genfscon sysfs /kernel/mm/cma u:object_r:sysfs_cma:s0
+')
 genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
 genfscon sysfs /kernel/mm/lru_gen/enabled u:object_r:sysfs_lru_gen_enabled:s0
 genfscon sysfs /kernel/mm/pgsize_migration/enabled u:object_r:sysfs_pgsize_migration:s0

diff --git a/private/system_server.te b/private/system_server.te
index fecca1b..20556ab 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -243,6 +243,11 @@
 # Read /sys/kernel/dma_heap/*.
 allow system_server sysfs_dma_heap:file r_file_perms;
 
+# Read /sys/kernel/mm/cma/*.
+starting_at_board_api(202504, `
+allow system_server sysfs_cma:file r_file_perms;
+')
+
 # Allow reading DMA-BUF sysfs stats from /sys/kernel/dmabuf.
 allow system_server sysfs_dmabuf_stats:dir r_dir_perms;
 allow system_server sysfs_dmabuf_stats:file r_file_perms;

diff --git a/public/file.te b/public/file.te
index 4fca64e..7a8e3af 100644
--- a/public/file.te
+++ b/public/file.te

@@ -103,6 +103,11 @@
 type sysfs_uio, sysfs_type, fs_type;
 type sysfs_batteryinfo, fs_type, sysfs_type;
 type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
+
+starting_at_board_api(202504, `
+    type sysfs_cma, fs_type, sysfs_type;
+')
+
 type sysfs_devfreq_cur, fs_type, sysfs_type;
 type sysfs_devfreq_dir, fs_type, sysfs_type;
 type sysfs_devices_block, fs_type, sysfs_type;
commit	57ab5761ee5b8e619718ea4b97787f58e7c313bb	[log] [tgz]
author	Isaac Manjarres <isaacmanjarres@google.com>	Thu Jan 09 10:26:57 2025 -0800
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Jan 09 10:26:57 2025 -0800
tree	84be12c78b57d0e22fb4a2b9d489f04297b7b2b9
parent	b017b3ff412769ea2f6f5ceb52bc3c0c14c5cffc [diff]
parent	df505fe698832ccc4d91bbf61bb416941831d84a [diff]