Enable Traceur on user builds.

Test: Standard Traceur workflow works successfully with no
selinux denials on a user build.
Bug: 64762598
Change-Id: I0dfe506d463b63d70c5bda03f8706041ea7ab448
This commit is contained in:
Jeff Vander Stoep 2018-01-09 12:24:47 -08:00 committed by Carmen Jackson
parent 4ca98248ca
commit de04528c3b
5 changed files with 26 additions and 26 deletions

View file

@ -60,7 +60,7 @@ full_treble_only(`
userdebug_or_eng(`-perfprofd')
userdebug_or_eng(`-traced_probes')
-shell
userdebug_or_eng(`-traceur_app')
-traceur_app
} debugfs_tracing:file no_rw_file_perms;
# inotifyfs

View file

@ -86,7 +86,7 @@ neverallow {
-statsd
-system_app
-system_server
userdebug_or_eng(`-traceur_app')
-traceur_app
} stats_service:service_manager find;
# Only statsd and the other root services in limited circumstances.

View file

@ -1,10 +1,12 @@
typeattribute traceur_app coredomain;
app_domain(traceur_app);
allow traceur_app debugfs_tracing:file rw_file_perms;
userdebug_or_eng(`
app_domain(traceur_app);
allow traceur_app debugfs_tracing:file rw_file_perms;
allow traceur_app debugfs_tracing_debug:file rw_file_perms;
allow traceur_app trace_data_file:file create_file_perms;
allow traceur_app trace_data_file:dir { add_name getattr search write };
allow traceur_app atrace_exec:file rx_file_perms;
')
allow traceur_app trace_data_file:file create_file_perms;
allow traceur_app trace_data_file:dir { add_name getattr search write };
allow traceur_app atrace_exec:file rx_file_perms;

View file

@ -283,6 +283,6 @@ neverallow {
domain
-system_server
-shell
userdebug_or_eng(`-traceur_app')
-traceur_app
-dumpstate
} dumpstate_service:service_manager find;

View file

@ -1,23 +1,21 @@
type traceur_app, domain;
userdebug_or_eng(`
allow traceur_app servicemanager:service_manager list;
allow traceur_app hwservicemanager:hwservice_manager list;
allow traceur_app servicemanager:service_manager list;
allow traceur_app hwservicemanager:hwservice_manager list;
set_prop(traceur_app, debug_prop)
set_prop(traceur_app, debug_prop)
allow traceur_app {
service_manager_type
-gatekeeper_service
-incident_service
-installd_service
-netd_service
-virtual_touchpad_service
-vold_service
-vr_hwc_service
}:service_manager find;
allow traceur_app {
service_manager_type
-gatekeeper_service
-incident_service
-installd_service
-netd_service
-virtual_touchpad_service
-vold_service
-vr_hwc_service
}:service_manager find;
dontaudit traceur_app service_manager_type:service_manager find;
dontaudit traceur_app hwservice_manager_type:hwservice_manager find;
dontaudit traceur_app domain:binder call;
')
dontaudit traceur_app service_manager_type:service_manager find;
dontaudit traceur_app hwservice_manager_type:hwservice_manager find;
dontaudit traceur_app domain:binder call;