tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Allow traced to create files within /data/misc/perfetto-traces" am: 951106b990

Browse source 
Change-Id: Id4afcc38e9793b754c9772eec19ef32daa005838
This commit is contained in:
Treehugger Robot 2020-04-14 13:55:32 +00:00 committed by Automerger Merge Worker
commit 10f1c3bc07
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
private/traced.te
View file

@ -24,7 +24,10 @@ allow traced self:global_capability_class_set { sys_nice };
allow traced perfetto:fd use; allow traced perfetto:fd use;
allow traced shell:fd use; allow traced shell:fd use;
allow traced shell:fifo_file { read write }; allow traced shell:fifo_file { read write };
allow traced perfetto_traces_data_file:file { read write };
# Allow the service to create new files within /data/misc/perfetto-traces.
allow traced perfetto_traces_data_file:file create_file_perms;
allow traced perfetto_traces_data_file:dir rw_dir_perms;
# Allow traceur to pass open file descriptors to traced, so traced can directly # Allow traceur to pass open file descriptors to traced, so traced can directly
# write into the output file without doing roundtrips over IPC. # write into the output file without doing roundtrips over IPC.
@ -78,6 +81,7 @@ neverallow traced domain:process ptrace;
# passed through the socket. # passed through the socket.
neverallow traced { neverallow traced {
data_file_type data_file_type
-perfetto_traces_data_file
-system_data_file -system_data_file
-system_data_root_file -system_data_root_file
# TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a # TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a