Add producer socket to the selinux perfetto domain.
This change allows the perfetto cmdline client to access
the (unprivileged) producer socket of traced, with the
intent of triggering finalization of already running traces
(see b/130135730). Matching change: aosp/932138
Note that:
- perfetto cmdline can already access the consumer socket
(to start tracing sessions).
- The producer socket is already exposed to most domains,
including unprivileged apps.
Bug: 130135730
Bug: 128966650
Test: manual
(cherry picked from commit cdda2dc3c9)
Merged-In: Id9106279584798e6689102085fa46a0b7ecb1ba7
Change-Id: Id9106279584798e6689102085fa46a0b7ecb1ba7
This commit is contained in:
Stephen Nusko
Primiano Tucci
parent
73449cee1a
commit
ba27ad4806
1 changed files with 7 additions and 0 deletions
|
|
@ -11,6 +11,13 @@ tmpfs_domain(perfetto);
|
|||
# Allow to access traced's privileged consumer socket.
|
||||
unix_socket_connect(perfetto, traced_consumer, traced)
|
||||
|
||||
# Connect to the Perfetto traced daemon as a producer. This requires
|
||||
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
|
||||
allow perfetto traced:fd use;
|
||||
allow perfetto traced_tmpfs:file { read write getattr map };
|
||||
unix_socket_connect(perfetto, traced_producer, traced)
|
||||
|
||||
|
||||
# Allow to write and unlink traces into /data/misc/perfetto-traces.
|
||||
allow perfetto perfetto_traces_data_file:dir rw_dir_perms;
|
||||
allow perfetto perfetto_traces_data_file:file create_file_perms;
|
||||
|
|
|
|||
Loading…
Reference in a new issue