Allow perfetto to write into perfetto_traces_bugreport_data_file
We are changing the --save-for-bugreport feature and moving the file opening/write from the traced service to the perfetto cmdline client. This is part of a bigger refactor to simplify the API surface in view of non-destructive snapshots of trace buffers. Add matching sepolicies to perfetto.te. Bug: 260112703 Test: atest perfetto_integrationtests --test-filter '*PerfettoCmdlineTest*' Change-Id: Ic1dd6b1bf3183f6b7fb551859e35cae950676ffb
parent
c9ff8d010b
commit
4b8710389f
2 changed files with 6 additions and 5 deletions
|
@ -22,6 +22,10 @@ perfetto_producer(perfetto)
|
|||
allow perfetto perfetto_traces_data_file:dir rw_dir_perms;
|
||||
allow perfetto perfetto_traces_data_file:file create_file_perms;
|
||||
|
||||
# Allow to write and unlink trace into /data/misc/perfetto-traces/bugreport*
|
||||
allow perfetto perfetto_traces_bugreport_data_file:file create_file_perms;
|
||||
allow perfetto perfetto_traces_bugreport_data_file:dir rw_dir_perms;
|
||||
|
||||
# Allow perfetto to access the proxy service for reporting traces.
|
||||
allow perfetto tracingproxy_service:service_manager find;
|
||||
binder_use(perfetto)
|
||||
|
@ -117,6 +121,7 @@ neverallow perfetto {
|
|||
# neverallow. Currently only getattr and search are allowed.
|
||||
-vendor_data_file
|
||||
-perfetto_traces_data_file
|
||||
-perfetto_traces_bugreport_data_file
|
||||
-perfetto_configs_data_file
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:dir *;
|
||||
|
@ -124,6 +129,7 @@ neverallow perfetto { system_data_file -perfetto_traces_data_file }:dir ~{ getat
|
|||
neverallow perfetto {
|
||||
data_file_type
|
||||
-perfetto_traces_data_file
|
||||
-perfetto_traces_bugreport_data_file
|
||||
-perfetto_configs_data_file
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:file ~write;
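Review bot: The comment added in the first hunk says the rules let perfetto "write and unlink" bugreport traces, but the `allow` lines grant `create_file_perms` on files and `rw_dir_perms` on the directory, and `create_file_perms` also covers create, rename and setattr. Because this moves the write path from the traced daemon to the cmdline client, the comment should state the full grant and why it lives here, e.g. `# Allow perfetto to create, write, rename and unlink traces in /data/misc/perfetto-traces/bugreport* (--save-for-bugreport now writes from the cmdline client, not traced).` If the client never renames these files or changes their attributes, an explicit permission set would be tighter than the macro; this page does not show enough to judge that. It is also worth confirming that every domain able to transition into `perfetto` is meant to gain write access to a directory whose contents end up in bugreports, since the `-perfetto_traces_bugreport_data_file` exemptions added to both neverallow blocks in the later hunks remove the compile-time guard for this type.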
|
||||
|
|
|
@ -24,9 +24,6 @@ allow traced shell:fifo_file { read write };
|
|||
# Allow the service to create new files within /data/misc/perfetto-traces.
|
||||
allow traced perfetto_traces_data_file:file create_file_perms;
|
||||
allow traced perfetto_traces_data_file:dir rw_dir_perms;
|
||||
# ... and /data/misc/perfetto-traces/bugreport*
|
||||
allow traced perfetto_traces_bugreport_data_file:file create_file_perms;
|
||||
allow traced perfetto_traces_bugreport_data_file:dir rw_dir_perms;
|
||||
|
||||
# Allow traceur to pass open file descriptors to traced, so traced can directly
|
||||
# write into the output file without doing roundtrips over IPC.
|
||||
|
@ -89,7 +86,6 @@ neverallow traced domain:process ptrace;
|
|||
neverallow traced {
|
||||
data_file_type
|
||||
-perfetto_traces_data_file
|
||||
-perfetto_traces_bugreport_data_file
|
||||
-system_data_file
|
||||
-system_data_root_file
|
||||
-media_userdir_file
|
||||
|
@ -104,7 +100,6 @@ neverallow traced { system_data_file }:dir ~{ getattr search };
|
|||
neverallow traced {
|
||||
data_file_type
|
||||
-perfetto_traces_data_file
|
||||
-perfetto_traces_bugreport_data_file
|
||||
-trace_data_file
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:file ~write;
|
||||
|
|