sepolicy: Allow system domains to be profiled

Bug: 217368496
Doc: go/field-tracing-t
Change-Id: Ie95c0cc2b1f9e8fa03f6112818936af692edf584

private/gmscore_app.te

@@ -5,6 +5,11 @@ typeattribute gmscore_app coredomain;
 
 app_domain(gmscore_app)
 
+# TODO(b/217368496): remove this.
+perfetto_producer(gmscore_app)
+can_profile_heap(gmscore_app)
+can_profile_perf(gmscore_app)
+
 allow gmscore_app sysfs_type:dir search;
 # Read access to /sys/class/net/wlan*/address
 r_dir_file(gmscore_app, sysfs_net)

private/platform_app.te

@@ -109,6 +109,10 @@ dontaudit platform_app debugfs_tracing:file rw_file_perms;
 # Allow platform apps to act as Perfetto producers.
 perfetto_producer(platform_app)
 
+# TODO(b/217368496): remove this.
+can_profile_heap(platform_app)
+can_profile_perf(platform_app)
+
 # Allow platform apps to create VMs
 virtualizationservice_use(platform_app)
 

private/system_server.te

@@ -14,6 +14,11 @@ tmpfs_domain(system_server)
 
 userfaultfd_use(system_server)
 
+# TODO(b/217368496): remove this.
+perfetto_producer(system_server)
+can_profile_heap(system_server)
+can_profile_perf(system_server)
+
 # Create a socket for connections from crash_dump.
 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";