Merge changes If26ba23d,Ibea38822
* changes:
Revert "Revert "Exclude vendor_modprobe from debugfs neverallow restrictions""
Revert "Revert "Add neverallows for debugfs access""
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index ac3d463..9f40876 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -2012,6 +2012,7 @@
(typeattributeset surfaceflinger_tmpfs_30_0 (surfaceflinger_tmpfs))
(typeattributeset swap_block_device_30_0 (swap_block_device))
(typeattributeset sysfs_30_0 (sysfs sysfs_fs_incfs_features))
+(typeattributeset sysfs_30_0 (sysfs sysfs_fs_incfs_metrics))
(typeattributeset sysfs_android_usb_30_0 (sysfs_android_usb))
(typeattributeset sysfs_batteryinfo_30_0 (sysfs_batteryinfo))
(typeattributeset sysfs_bluetooth_writable_30_0 (sysfs_bluetooth_writable))
diff --git a/private/dumpstate.te b/private/dumpstate.te
index f418fa3..37a9a0c 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -53,6 +53,10 @@
netd
}:process signal;
+userdebug_or_eng(`
+ allow dumpstate keystore:process signal;
+')
+
# For collecting bugreports.
no_debugfs_restriction(`
allow dumpstate debugfs_wakeup_sources:file r_file_perms;
diff --git a/private/genfs_contexts b/private/genfs_contexts
index af1b692..3499aa0 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -142,6 +142,7 @@
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
genfscon sysfs /fs/f2fs u:object_r:sysfs_fs_f2fs:s0
genfscon sysfs /fs/incremental-fs/features u:object_r:sysfs_fs_incfs_features:s0
+genfscon sysfs /fs/incremental-fs/instances u:object_r:sysfs_fs_incfs_metrics:s0
genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
genfscon sysfs /power/state u:object_r:sysfs_power:s0
genfscon sysfs /power/suspend_stats u:object_r:sysfs_suspend_stats:s0
diff --git a/private/system_server.te b/private/system_server.te
index 08c4e40..dcccc5e 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -46,6 +46,9 @@
INCFS_IOCTL_GET_BLOCK_COUNT
};
+# For Incremental Service to check incfs metrics
+allow system_server sysfs_fs_incfs_metrics:file r_file_perms;
+
# For art.
allow system_server { apex_art_data_file dalvikcache_data_file }:dir r_dir_perms;
allow system_server { apex_art_data_file dalvikcache_data_file }:file r_file_perms;
diff --git a/public/file.te b/public/file.te
index 13cdc6e..2250482 100644
--- a/public/file.te
+++ b/public/file.te
@@ -115,6 +115,7 @@
type sysfs_fs_ext4_features, sysfs_type, fs_type;
type sysfs_fs_f2fs, sysfs_type, fs_type;
type sysfs_fs_incfs_features, sysfs_type, fs_type;
+type sysfs_fs_incfs_metrics, sysfs_type, fs_type;
type fs_bpf, fs_type;
type fs_bpf_tethering, fs_type;
type configfs, fs_type;
