Merge "Enable platform_app to use perfetto/trace_data_file permissions in debug/eng builds." into main

This commit is contained in:
Stefan Andonian 2024-03-04 20:23:11 +00:00 committed by Gerrit Code Review
commit 79d1388d86
2 changed files with 17 additions and 1 deletions

View file

@ -64,10 +64,24 @@ userdebug_or_eng(`
auditallow platform_app proc_net_type:{ dir file lnk_file } { getattr open read };
')
# Allow sharing traces to betterbug from /data/misc/wmtrace.
userdebug_or_eng(`
allow platform_app trace_data_file:file create_file_perms;
allow platform_app trace_data_file:dir rw_dir_perms;
')
# Allow writing and removing wmshell protolog in /data/misc/wmtrace.
userdebug_or_eng(`
allow platform_app wm_trace_data_file:dir rw_dir_perms;
allow platform_app wm_trace_data_file:file { getattr setattr create unlink w_file_perms };
allow platform_app wm_trace_data_file:file { getattr setattr create unlink rw_file_perms };
')
# To exec the perfetto cmdline client and pass it the trace config on
# stdint through a pipe. Allow to access traced's privileged consumer socket.
userdebug_or_eng(`
allow platform_app perfetto_exec:file rx_file_perms;
unix_socket_connect(platform_app, traced_consumer, traced);
')
allow platform_app audioserver_service:service_manager find;

View file

@ -28,6 +28,7 @@ allow traced perfetto_traces_data_file:dir rw_dir_perms;
# Allow traceur to pass open file descriptors to traced, so traced can directly
# write into the output file without doing roundtrips over IPC.
allow traced traceur_app:fd use;
allow traced platform_app:fd use;
allow traced trace_data_file:file { read write };
# Allow perfetto to access the proxy service for notifying Traceur.
@ -119,6 +120,7 @@ neverallow {
-traced
-dumpstate
-traceur_app
-platform_app
-shell
-system_server
-perfetto