Adding write permissions to traceur

am: 35c363897d

Change-Id: I161499addf9e5d4ded1abcbedaa132b83d7e8857

private/adbd.te

@@ -36,6 +36,10 @@ allow adbd devpts:chr_file rw_file_perms;
 allow adbd shell_data_file:dir create_dir_perms;
 allow adbd shell_data_file:file create_file_perms;
 
+# adb pull /data/local/traces/*
+allow adbd trace_data_file:dir r_dir_perms;
+allow adbd trace_data_file:file r_file_perms;
+
 # adb pull /data/misc/profman.
 allow adbd profman_dump_data_file:dir r_dir_perms;
 allow adbd profman_dump_data_file:file r_file_perms;

private/compat/26.0/26.0.ignore.cil

@@ -79,6 +79,7 @@
     timezone_service
     tombstoned_java_trace_socket
     tombstone_wifi_data_file
+    trace_data_file
     traceur_app
     traceur_app_tmpfs
     traced

private/file_contexts

@@ -350,6 +350,7 @@
 /data/tombstones(/.*)?	u:object_r:tombstone_data_file:s0
 /data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0
 /data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
+/data/local/traces(/.*)?	u:object_r:trace_data_file:s0
 /data/media(/.*)?	u:object_r:media_rw_data_file:s0
 /data/mediadrm(/.*)?	u:object_r:media_data_file:s0
 /data/nativetest(/.*)?	u:object_r:nativetest_data_file:s0

private/traceur_app.te

@@ -2,6 +2,9 @@ typeattribute traceur_app coredomain;
 
 userdebug_or_eng(`
   app_domain(traceur_app);
-  allow traceur_app debugfs_tracing:file r_file_perms;
+  allow traceur_app debugfs_tracing:file rw_file_perms;
+  allow traceur_app debugfs_tracing_debug:file rw_file_perms;
+  allow traceur_app trace_data_file:file create_file_perms;
+  allow traceur_app trace_data_file:dir { add_name search write };
   allow traceur_app atrace_exec:file rx_file_perms;
 ')

public/file.te

@@ -108,8 +108,8 @@ type vfat, sdcard_type, fs_type, mlstrustedobject;
 type debugfs, fs_type, debugfs_type;
 type debugfs_mmc, fs_type, debugfs_type;
 type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
-type debugfs_tracing, fs_type, debugfs_type;
+type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject;
-type debugfs_tracing_debug, fs_type, debugfs_type;
+type debugfs_tracing_debug, fs_type, debugfs_type, mlstrustedobject;
 type debugfs_tracing_instances, fs_type, debugfs_type;
 type debugfs_wifi_tracing, fs_type, debugfs_type;
 
@@ -244,6 +244,7 @@ type recovery_data_file, file_type, data_file_type, core_data_file_type;
 type shared_relro_file, file_type, data_file_type, core_data_file_type;
 type systemkeys_data_file, file_type, data_file_type, core_data_file_type;
 type textclassifier_data_file, file_type, data_file_type, core_data_file_type;
+type trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 type vpn_data_file, file_type, data_file_type, core_data_file_type;
 type wifi_data_file, file_type, data_file_type, core_data_file_type;
 type zoneinfo_data_file, file_type, data_file_type, core_data_file_type;

public/shell.te

@@ -25,6 +25,10 @@ allow shell shell_data_file:file create_file_perms;
 allow shell shell_data_file:file rx_file_perms;
 allow shell shell_data_file:lnk_file create_file_perms;
 
+# Read and delete from /data/local/traces.
+allow shell trace_data_file:file { r_file_perms unlink };
+allow shell trace_data_file:dir { r_dir_perms remove_name write };
+
 # Access /data/misc/profman.
 allow shell profman_dump_data_file:dir { search getattr write remove_name };
 allow shell profman_dump_data_file:file { getattr unlink };

public/traceur_app.te

@@ -17,5 +17,7 @@ userdebug_or_eng(`
     -vr_hwc_service
   }:service_manager find;
 
+  dontaudit traceur_app service_manager_type:service_manager find;
+  dontaudit traceur_app hwservice_manager_type:hwservice_manager find;
   dontaudit traceur_app domain:binder call;
 ')