Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / packages / services / Car / f2a852a404a2cef8bd553250b87cc1dadfe39608^! / .
commitf2a852a404a2cef8bd553250b87cc1dadfe39608[log] [tgz]
authorLakshman Annadorai <lakshmana@google.com>Fri Jul 23 18:03:18 2021 +0000
committerLakshman Annadorai <lakshmana@google.com>Thu Aug 12 19:22:06 2021 +0000
tree5d2007335a65163903a0c5deca08fcaaa84a424e
parent52b4af5d0f9f8fefca58ae0497cb3c3972e79f71 [diff]
Allow carwatchdogd to read/write from /data/system/car.

On init, carwatchdogd reads the resource overuse configurations from
the /data/system/car/watchdog directory.

On each config update, carwatchdogd writes the resource overuse
configurations to the /data/system/car/watchdog directory.

Test: No seplicy violations
Fixes: 193181896

Change-Id: Ie5cf9d08963a50c380e76cce68ef30f8de5d7c3c

diff --git a/cpp/watchdog/sepolicy/private/carwatchdog.te b/cpp/watchdog/sepolicy/private/carwatchdog.te
index 91620f5..5b18ebf 100644
--- a/cpp/watchdog/sepolicy/private/carwatchdog.te
+++ b/cpp/watchdog/sepolicy/private/carwatchdog.te

@@ -1,4 +1,4 @@
-# Car watchdog server
+# Car watchdog server.
 typeattribute carwatchdogd coredomain;
 typeattribute carwatchdogd mlstrustedsubject;
 
@@ -9,22 +9,26 @@
 binder_use(carwatchdogd)
 binder_service(carwatchdogd)
 
-# Configration to communicate with VHAL
+# Configration to communicate with VHAL.
 hwbinder_use(carwatchdogd)
 get_prop(carwatchdogd, hwservicemanager_prop)
 hal_client_domain(carwatchdogd, hal_vehicle)
 
-# Scan through /proc/pid for all processes
+# Scan through /proc/pid for all processes.
 r_dir_file(carwatchdogd, domain)
 
-# Read /proc/uid_io/stats
+# Read /proc/uid_io/stats.
 allow carwatchdogd proc_uid_io_stats:file r_file_perms;
 
-# Read /proc/stat file
+# Read /proc/stat file.
 allow carwatchdogd proc_stat:file r_file_perms;
 
-# Read /proc/diskstats file
+# Read /proc/diskstats file.
 allow carwatchdogd proc_diskstats:file r_file_perms;
 
 # List HALs to get pid of vehicle HAL.
 allow carwatchdogd hwservicemanager:hwservice_manager list;
+
+# R/W /data/system/car for resource overuse configurations.
+allow carwatchdogd system_car_data_file:dir create_dir_perms;
+allow carwatchdogd system_car_data_file:{ file lnk_file } create_file_perms;

diff --git a/cpp/watchdog/sepolicy/public/carwatchdog.te b/cpp/watchdog/sepolicy/public/carwatchdog.te
index 2cb9c5a..fd7ab3b 100644
--- a/cpp/watchdog/sepolicy/public/carwatchdog.te
+++ b/cpp/watchdog/sepolicy/public/carwatchdog.te

@@ -1,9 +1,9 @@
-# Car watchdog server
+# Car watchdog server.
 type carwatchdogd, domain;
 
 binder_call(carwatchdogd, carwatchdogclient_domain)
 binder_call(carwatchdogclient_domain, carwatchdogd)
 
-# Configuration for system_server
+# Configuration for system_server.
 allow system_server carwatchdogd_service:service_manager find;
 binder_call(carwatchdogd, system_server)