Merge "sepolicy: Allow system domains to be profiled" am: fb9d097d03 am: 139cce7cc7

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1966610

Change-Id: I21b38265ff3770c1921d83bc8152a2e02d97f743
This commit is contained in:
Lalit Maganti 2022-02-02 12:33:18 +00:00 committed by Automerger Merge Worker
commit 170b791250
3 changed files with 14 additions and 0 deletions

View file

@ -5,6 +5,11 @@ typeattribute gmscore_app coredomain;
app_domain(gmscore_app)
# TODO(b/217368496): remove this.
perfetto_producer(gmscore_app)
can_profile_heap(gmscore_app)
can_profile_perf(gmscore_app)
allow gmscore_app sysfs_type:dir search;
# Read access to /sys/class/net/wlan*/address
r_dir_file(gmscore_app, sysfs_net)

View file

@ -109,6 +109,10 @@ dontaudit platform_app debugfs_tracing:file rw_file_perms;
# Allow platform apps to act as Perfetto producers.
perfetto_producer(platform_app)
# TODO(b/217368496): remove this.
can_profile_heap(platform_app)
can_profile_perf(platform_app)
# Allow platform apps to create VMs
virtualizationservice_use(platform_app)

View file

@ -14,6 +14,11 @@ tmpfs_domain(system_server)
userfaultfd_use(system_server)
# TODO(b/217368496): remove this.
perfetto_producer(system_server)
can_profile_heap(system_server)
can_profile_perf(system_server)
# Create a socket for connections from crash_dump.
type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";