Merge "Allow traced to create files within /data/misc/perfetto-traces"

Treehugger Robot 2020-04-14 13:34:05 +00:00 committed by Gerrit Code Review
commit 951106b990


@ -24,7 +24,10 @@ allow traced self:global_capability_class_set { sys_nice };
allow traced perfetto:fd use;
allow traced shell:fd use;
allow traced shell:fifo_file { read write };
allow traced perfetto_traces_data_file:file { read write };
# Allow the service to create new files within /data/misc/perfetto-traces.
allow traced perfetto_traces_data_file:file create_file_perms;
allow traced perfetto_traces_data_file:dir rw_dir_perms;
# Allow traceur to pass open file descriptors to traced, so traced can directly
# write into the output file without doing roundtrips over IPC.
@ -78,6 +81,7 @@ neverallow traced domain:process ptrace;
# passed through the socket.
neverallow traced {
data_file_type
-perfetto_traces_data_file
-system_data_file
-system_data_root_file
# TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
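Review bot: The `-perfetto_traces_data_file` exemption in the second hunk takes the type out of this neverallow entirely, so no compile-time rule bounds what traced may later be granted on it beyond the two allow rules added in the first hunk. The vendor_data_file comment just below it describes the pattern to follow: exempt here, then restrict in a subsequent neverallow. Assuming this is the dir-class statement, a follow-up such as `neverallow traced perfetto_traces_data_file:dir ~rw_dir_perms;` would pin the exemption to what the new allow rule grants. The statement's closing line, with its class and permission set, is outside the hunk, so an existing bound further down may already cover this.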