perfetto: minor quality of life tweaks

Change 1: when running the "perfetto" binary via "adb shell
perfetto...", ctrl-Cing the host process doesn't propagate the teardown
to the on-device process (which normally should stop the tracing session
immediately). Allow signals adbd->perfetto to resolve.

Change 2: don't print audit logs for a harmless isatty() check on adb
sockets when they're the stderr of a "perfetto" process.

Example denials from the isatty() check (ioctl is TCGETS):

avc: denied { getattr } for path="socket:[244990]" dev="sockfs"
ino=244990 scontext=u:r:perfetto:s0 tcontext=u:r:adbd:s0
tclass=unix_stream_socket permissive=0
avc: denied { ioctl } for path="socket:[244992]" dev="sockfs" ino=244992
ioctlcmd=0x5401 scontext=u:r:perfetto:s0 tcontext=u:r:adbd:s0
tclass=unix_stream_socket permissive=0

Example denial from ctrl-c'ing "adb shell perfetto ...":

avc: denied { signal } for comm=7368656C6C20737663203134343537
scontext=u:r:adbd:s0 tcontext=u:r:perfetto:s0 tclass=process
permissive=0

===

This is a CP of commit 5f1f1b6a7a, with
updated 30.0 prebuilts. Using a new Change-Id since as far as I
understand, the prebuilts should still be merged downstream.

Bug: 159988048
Tested: patched onto an internal branch, then verified that denials are
        gone on a flashed crosshatch-userdebug.
Change-Id: Ie7780128fcd80a051e809bfc98f21179cb3f0ecc

prebuilts/api/30.0/private/adbd.te

@@ -180,6 +180,11 @@ r_dir_file(adbd, apk_data_file)
 
 allow adbd rootfs:dir r_dir_perms;
 
+# Allow killing child "perfetto" binary processes, which auto-transition to
+# their own domain. Allows propagating termination of "adb shell perfetto ..."
+# invocations.
+allow adbd perfetto:process signal;
+
 # Allow to pull Perfetto traces.
 allow adbd perfetto_traces_data_file:file r_file_perms;
 allow adbd perfetto_traces_data_file:dir r_dir_perms;

prebuilts/api/30.0/private/perfetto.te

@@ -47,6 +47,14 @@ allow perfetto devpts:chr_file rw_file_perms;
 allow perfetto incident_service:service_manager find;
 binder_call(perfetto, incidentd)
 
+# perfetto log formatter calls isatty() on its stderr. Denial when running
+# under adbd is harmless. Avoid generating denial logs.
+dontaudit perfetto adbd:unix_stream_socket getattr;
+dontauditxperm perfetto adbd:unix_stream_socket ioctl unpriv_tty_ioctls;
+# As above, when adbd is running in "su" domain (only the ioctl is denied in
+# practice).
+dontauditxperm perfetto su:unix_stream_socket ioctl unpriv_tty_ioctls;
+
 ###
 ### Neverallow rules
 ###

private/adbd.te

@@ -180,6 +180,11 @@ r_dir_file(adbd, apk_data_file)
 
 allow adbd rootfs:dir r_dir_perms;
 
+# Allow killing child "perfetto" binary processes, which auto-transition to
+# their own domain. Allows propagating termination of "adb shell perfetto ..."
+# invocations.
+allow adbd perfetto:process signal;
+
 # Allow to pull Perfetto traces.
 allow adbd perfetto_traces_data_file:file r_file_perms;
 allow adbd perfetto_traces_data_file:dir r_dir_perms;

private/perfetto.te

@@ -47,6 +47,14 @@ allow perfetto devpts:chr_file rw_file_perms;
 allow perfetto incident_service:service_manager find;
 binder_call(perfetto, incidentd)
 
+# perfetto log formatter calls isatty() on its stderr. Denial when running
+# under adbd is harmless. Avoid generating denial logs.
+dontaudit perfetto adbd:unix_stream_socket getattr;
+dontauditxperm perfetto adbd:unix_stream_socket ioctl unpriv_tty_ioctls;
+# As above, when adbd is running in "su" domain (only the ioctl is denied in
+# practice).
+dontauditxperm perfetto su:unix_stream_socket ioctl unpriv_tty_ioctls;
+
 ###
 ### Neverallow rules
 ###