Merge "Add selinux rules for detachable perfetto process."
am: 146be01a0f
Change-Id: Idc98dfb1b1dbbb0b75bcba24f97c7f313d0442a8
commit
48f1936058
1 changed files with 3 additions and 0 deletions
|
@ -19,7 +19,9 @@ allow traced self:global_capability_class_set { sys_nice };
|
|||
# directly into that (rather than returning the trace contents over the socket).
|
||||
allow traced perfetto:fd use;
|
||||
allow traced shell:fd use;
|
||||
allow traced traceur_app:fd use;
|
||||
allow traced perfetto_traces_data_file:file { read write };
|
||||
allow traced trace_data_file:file { read write };
|
||||
|
||||
###
|
||||
### Neverallow rules
|
||||
|
@ -53,6 +55,7 @@ neverallow traced {
|
|||
data_file_type
|
||||
-zoneinfo_data_file
|
||||
-perfetto_traces_data_file
|
||||
-trace_data_file
|
||||
}:file ~write;
|
||||
|
||||
# Only init is allowed to enter the traced domain via exec()
|
||||
|
|
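Review bot: The exemptions in the second hunk are wider than the grants in the first: subtracting a type from the `neverallow traced { data_file_type ... }:file ~write;` set lifts the build-time ban on every permission for that type, while the allow rules give only `{ read write }`. The page has lost its +/- markers, so this applies to whichever of `-perfetto_traces_data_file` and `-trace_data_file` is new. A companion rule such as `neverallow traced { perfetto_traces_data_file trace_data_file }:file ~{ read write };` would keep the carve-out as narrow as the grant, provided no rule outside this view gives traced other permissions on these types (for example `getattr`). It would also help to add a comment above the new allow lines, e.g. `# No "open" on purpose: traced may only use fds passed in by the client, never open trace files by path.`, so a later change does not widen this to `rw_file_perms`. The neverallow block opens above the hunk, so its full type set is not visible here.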