Merge "Revert system app/process profileability on user builds"

prebuilts/api/33.0/private/gmscore_app.te

@@ -5,11 +5,6 @@ typeattribute gmscore_app coredomain;
 
 app_domain(gmscore_app)
 
-# TODO(b/217368496): remove this.
-perfetto_producer(gmscore_app)
-can_profile_heap(gmscore_app)
-can_profile_perf(gmscore_app)
-
 allow gmscore_app sysfs_type:dir search;
 # Read access to /sys/block/zram*/mm_stat
 r_dir_file(gmscore_app, sysfs_zram)

prebuilts/api/33.0/private/platform_app.te

@@ -113,10 +113,6 @@ dontaudit platform_app debugfs_tracing:file rw_file_perms;
 # Allow platform apps to act as Perfetto producers.
 perfetto_producer(platform_app)
 
-# TODO(b/217368496): remove this.
-can_profile_heap(platform_app)
-can_profile_perf(platform_app)
-
 # Allow platform apps to create VMs
 virtualizationservice_use(platform_app)
 

prebuilts/api/33.0/private/surfaceflinger.te

@@ -74,13 +74,9 @@ userdebug_or_eng(`
   allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
 ')
 
-# Allow userspace tracing via perfetto.
+# Needed to register as a Perfetto producer.
 perfetto_producer(surfaceflinger)
 
-# Allow to be profiled by performance tools.
-can_profile_heap(surfaceflinger)
-can_profile_perf(surfaceflinger)
-
 # Use socket supplied by adbd, for cmd gpu vkjson etc.
 allow surfaceflinger adbd:unix_stream_socket { read write getattr };
 

prebuilts/api/33.0/private/system_app.te

@@ -176,10 +176,6 @@ get_prop(system_app, oem_unlock_prop)
 # Allow system apps to act as Perfetto producers.
 perfetto_producer(system_app)
 
-# TODO(b/217368496): remove this.
-can_profile_heap(system_app)
-can_profile_perf(system_app)
-
 ###
 ### Neverallow rules
 ###

prebuilts/api/33.0/private/system_server.te

@@ -15,11 +15,6 @@ tmpfs_domain(system_server)
 
 userfaultfd_use(system_server)
 
-# TODO(b/217368496): remove this.
-perfetto_producer(system_server)
-can_profile_heap(system_server)
-can_profile_perf(system_server)
-
 # Create a socket for connections from crash_dump.
 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
 

private/gmscore_app.te

@@ -5,11 +5,6 @@ typeattribute gmscore_app coredomain;
 
 app_domain(gmscore_app)
 
-# TODO(b/217368496): remove this.
-perfetto_producer(gmscore_app)
-can_profile_heap(gmscore_app)
-can_profile_perf(gmscore_app)
-
 allow gmscore_app sysfs_type:dir search;
 # Read access to /sys/class/net/wlan*/address
 r_dir_file(gmscore_app, sysfs_net)

private/platform_app.te

@@ -112,10 +112,6 @@ dontaudit platform_app debugfs_tracing:file rw_file_perms;
 # Allow platform apps to act as Perfetto producers.
 perfetto_producer(platform_app)
 
-# TODO(b/217368496): remove this.
-can_profile_heap(platform_app)
-can_profile_perf(platform_app)
-
 # Allow platform apps to create VMs
 virtualizationservice_use(platform_app)
 

private/surfaceflinger.te

@@ -74,13 +74,9 @@ userdebug_or_eng(`
   allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
 ')
 
-# Allow userspace tracing via perfetto.
+# Needed to register as a Perfetto producer.
 perfetto_producer(surfaceflinger)
 
-# Allow to be profiled by performance tools.
-can_profile_heap(surfaceflinger)
-can_profile_perf(surfaceflinger)
-
 # Use socket supplied by adbd, for cmd gpu vkjson etc.
 allow surfaceflinger adbd:unix_stream_socket { read write getattr };
 

private/system_app.te

@@ -177,10 +177,6 @@ get_prop(system_app, oem_unlock_prop)
 # Allow system apps to act as Perfetto producers.
 perfetto_producer(system_app)
 
-# TODO(b/217368496): remove this.
-can_profile_heap(system_app)
-can_profile_perf(system_app)
-
 ###
 ### Neverallow rules
 ###

private/system_server.te

@@ -15,11 +15,6 @@ tmpfs_domain(system_server)
 
 userfaultfd_use(system_server)
 
-# TODO(b/217368496): remove this.
-perfetto_producer(system_server)
-can_profile_heap(system_server)
-can_profile_perf(system_server)
-
 # Create a socket for connections from crash_dump.
 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";