From 6f4cfe8709fd9cbc85397fad27d1843e53b5fde8 Mon Sep 17 00:00:00 2001
From: Collin Fijalkovich <cfijalkovich@google.com>
Date: Fri, 11 Dec 2020 14:51:32 -0800
Subject: [PATCH] Configure sepolicy for TracingServiceProxy

Configures sepolicy to allow for the new TracingServiceProxy system
services, and to allow Perfetto to access the service.

Bug: 175591887
Test: Validated the service started successfullyy, and invoked via CLI
Change-Id: Idb6438948a9d96063f8455544b97ef66267cde23
---
 private/service.te       | 1 +
 private/service_contexts | 1 +
 private/traced.te        | 5 +++++
 3 files changed, 7 insertions(+)

diff --git a/private/service.te b/private/service.te
index 821b740d2..7f692f35c 100644
--- a/private/service.te
+++ b/private/service.te
@@ -8,4 +8,5 @@ type resolver_service,              system_server_service, service_manager_type;
 type stats_service,                 service_manager_type;
 type statscompanion_service,        system_server_service, service_manager_type;
 type statsmanager_service,          system_api_service, system_server_service, service_manager_type;
+type tracingproxy_service,          system_server_service, service_manager_type;
 type uce_service,                   service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index 5369b54dc..dc6985d6d 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -259,6 +259,7 @@ time_detector                             u:object_r:timedetector_service:s0
 time_zone_detector                        u:object_r:timezonedetector_service:s0
 timezone                                  u:object_r:timezone_service:s0
 thermalservice                            u:object_r:thermal_service:s0
+tracing.proxy                             u:object_r:tracingproxy_service:s0
 transformer                               u:object_r:transformer_service:s0
 trust                                     u:object_r:trust_service:s0
 tv_input                                  u:object_r:tv_input_service:s0
diff --git a/private/traced.te b/private/traced.te
index 89d3cd206..aa169662d 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -37,6 +37,11 @@ allow traced perfetto_traces_bugreport_data_file:dir rw_dir_perms;
 allow traced traceur_app:fd use;
 allow traced trace_data_file:file { read write };
 
+# Allow perfetto to access the proxy service for notifying Traceur.
+allow traced tracingproxy_service:service_manager find;
+binder_use(traced);
+binder_call(traced, system_server);
+
 # Allow iorapd to pass memfd descriptors to traced, so traced can directly
 # write into the shmem buffer file without doing roundtrips over IPC.
 allow traced iorapd:fd use;