From d77fec47967b415672548354ebdc2191ecab60a3 Mon Sep 17 00:00:00 2001 From: Florian Mayer Date: Mon, 30 Sep 2019 11:09:45 +0100 Subject: [PATCH] Allow shell to unlink perfetto_traces_data_file. Bug: 141704436 Test: blueline:/ $ ls -lZa /data/misc/perfetto-traces total 186 drwxrwx-wx 2 root shell u:object_r:perfetto_traces_data_file:s0 3488 2019-09-30 14:12 . drwxrwx--t 46 system misc u:object_r:system_data_file:s0 3488 2019-09-30 14:08 .. -rw------- 1 shell shell u:object_r:perfetto_traces_data_file:s0 180467 2019-09-30 14:12 profile-shell blueline:/ $ rm /data/misc/perfetto-traces/profile-shell rm ro /data/misc/perfetto-traces/profile-shell (y/N):y blueline:/ $ ls -lZa /data/misc/perfetto-traces total 6 drwxrwx-wx 2 root shell u:object_r:perfetto_traces_data_file:s0 3488 2019-09-30 14:13 . drwxrwx--t 46 system misc u:object_r:system_data_file:s0 3488 2019-09-30 14:08 .. blueline:/ $ Cherry pick of c069bc134e80f86d16d7305d67e9cf44ceffbc2b Change-Id: Ia710068c3cca53a415347fb0a7064740e500d15d Merged-In: Ia710068c3cca53a415347fb0a7064740e500d15d --- prebuilts/api/29.0/private/shell.te | 2 +- private/shell.te | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/prebuilts/api/29.0/private/shell.te b/prebuilts/api/29.0/private/shell.te index 02b01f5ae..daec360c5 100644 --- a/prebuilts/api/29.0/private/shell.te +++ b/prebuilts/api/29.0/private/shell.te @@ -52,7 +52,7 @@ binder_call(shell, statsd); # Allow shell to read and unlink traces stored in /data/misc/perfetto-traces. allow shell perfetto_traces_data_file:dir rw_dir_perms; -allow shell perfetto_traces_data_file:file r_file_perms; +allow shell perfetto_traces_data_file:file { r_file_perms unlink }; # Allow shell to run adb shell cmd gpu commands. binder_call(shell, gpuservice); diff --git a/private/shell.te b/private/shell.te index 02b01f5ae..daec360c5 100644 --- a/private/shell.te +++ b/private/shell.te @@ -52,7 +52,7 @@ binder_call(shell, statsd); # Allow shell to read and unlink traces stored in /data/misc/perfetto-traces. allow shell perfetto_traces_data_file:dir rw_dir_perms; -allow shell perfetto_traces_data_file:file r_file_perms; +allow shell perfetto_traces_data_file:file { r_file_perms unlink }; # Allow shell to run adb shell cmd gpu commands. binder_call(shell, gpuservice);