Add rules for Perfetto to be used from system_server

This includes rules for starting Perfetto as well as rules for
communicating over stdio between Perfetto and system_server.

Bug: 293957254
Test: Presubmit & tested in conjunction with internal change
Change-Id: I7e4c044a6a2afb48c33d65cc421e797d77aacc12

private/perfetto.te

@@ -40,7 +40,7 @@ allow perfetto perfetto_configs_data_file:file r_file_perms;
 # (both root and non-root) on stdin and also to write the resulting trace to
 # stdout.
 allow perfetto { statsd mm_events shell su }:fd use;
-allow perfetto { statsd mm_events shell su }:fifo_file { getattr read write };
+allow perfetto { statsd mm_events shell su system_server }:fifo_file { getattr read write ioctl };
 
 # Allow to communicate use, read and write over the adb connection.
 allow perfetto adbd:fd use;

private/system_server.te

@@ -578,6 +578,10 @@ allow system_server prereboot_data_file:file create_file_perms;
 allow system_server perfetto_traces_data_file:file { read getattr };
 allow system_server perfetto:fd use;
 
+# Allow system_server to exec the perfetto cmdline client and pass it a trace config
+domain_auto_trans(system_server, perfetto_exec, perfetto);
+allow system_server perfetto:fifo_file { read write };
+
 # Manage /data/backup.
 allow system_server backup_data_file:dir create_dir_perms;
 allow system_server backup_data_file:file create_file_perms;
@@ -1292,7 +1296,7 @@ neverallow system_server {
 
 # Ensure that system_server doesn't perform any domain transitions other than
 # transitioning to the crash_dump domain when a crash occurs or fork clatd.
-neverallow system_server { domain -clatd -crash_dump }:process transition;
+neverallow system_server { domain -clatd -crash_dump -perfetto }:process transition;
 neverallow system_server *:process dyntransition;
 
 # Only allow crash_dump to connect to system_ndebug_socket.