Enable Traceur on user builds.
Test: Standard Traceur workflow works successfully with no selinux denials on a user build. Bug: 64762598 Change-Id: I0dfe506d463b63d70c5bda03f8706041ea7ab448
This commit is contained in:
Jeff Vander Stoep
Carmen Jackson
parent
4ca98248ca
commit
de04528c3b
5 changed files with 26 additions and 26 deletions
|
|
@ -60,7 +60,7 @@ full_treble_only(`
|
||||||
userdebug_or_eng(`-perfprofd')
|
userdebug_or_eng(`-perfprofd')
|
||||||
userdebug_or_eng(`-traced_probes')
|
userdebug_or_eng(`-traced_probes')
|
||||||
-shell
|
-shell
|
||||||
userdebug_or_eng(`-traceur_app')
|
-traceur_app
|
||||||
} debugfs_tracing:file no_rw_file_perms;
|
} debugfs_tracing:file no_rw_file_perms;
|
||||||
|
|
||||||
# inotifyfs
|
# inotifyfs
|
||||||
|
|
|
||||||
|
|
@ -86,7 +86,7 @@ neverallow {
|
||||||
-statsd
|
-statsd
|
||||||
-system_app
|
-system_app
|
||||||
-system_server
|
-system_server
|
||||||
userdebug_or_eng(`-traceur_app')
|
-traceur_app
|
||||||
} stats_service:service_manager find;
|
} stats_service:service_manager find;
|
||||||
|
|
||||||
# Only statsd and the other root services in limited circumstances.
|
# Only statsd and the other root services in limited circumstances.
|
||||||
|
|
|
||||||
|
|
@ -1,10 +1,12 @@
|
||||||
typeattribute traceur_app coredomain;
|
typeattribute traceur_app coredomain;
|
||||||
|
|
||||||
|
app_domain(traceur_app);
|
||||||
|
allow traceur_app debugfs_tracing:file rw_file_perms;
|
||||||
|
|
||||||
userdebug_or_eng(`
|
userdebug_or_eng(`
|
||||||
app_domain(traceur_app);
|
|
||||||
allow traceur_app debugfs_tracing:file rw_file_perms;
|
|
||||||
allow traceur_app debugfs_tracing_debug:file rw_file_perms;
|
allow traceur_app debugfs_tracing_debug:file rw_file_perms;
|
||||||
allow traceur_app trace_data_file:file create_file_perms;
|
|
||||||
allow traceur_app trace_data_file:dir { add_name getattr search write };
|
|
||||||
allow traceur_app atrace_exec:file rx_file_perms;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
|
allow traceur_app trace_data_file:file create_file_perms;
|
||||||
|
allow traceur_app trace_data_file:dir { add_name getattr search write };
|
||||||
|
allow traceur_app atrace_exec:file rx_file_perms;
|
||||||
|
|
|
||||||
|
|
@ -283,6 +283,6 @@ neverallow {
|
||||||
domain
|
domain
|
||||||
-system_server
|
-system_server
|
||||||
-shell
|
-shell
|
||||||
userdebug_or_eng(`-traceur_app')
|
-traceur_app
|
||||||
-dumpstate
|
-dumpstate
|
||||||
} dumpstate_service:service_manager find;
|
} dumpstate_service:service_manager find;
|
||||||
|
|
|
||||||
|
|
@ -1,23 +1,21 @@
|
||||||
type traceur_app, domain;
|
type traceur_app, domain;
|
||||||
|
|
||||||
userdebug_or_eng(`
|
allow traceur_app servicemanager:service_manager list;
|
||||||
allow traceur_app servicemanager:service_manager list;
|
allow traceur_app hwservicemanager:hwservice_manager list;
|
||||||
allow traceur_app hwservicemanager:hwservice_manager list;
|
|
||||||
|
|
||||||
set_prop(traceur_app, debug_prop)
|
set_prop(traceur_app, debug_prop)
|
||||||
|
|
||||||
allow traceur_app {
|
allow traceur_app {
|
||||||
service_manager_type
|
service_manager_type
|
||||||
-gatekeeper_service
|
-gatekeeper_service
|
||||||
-incident_service
|
-incident_service
|
||||||
-installd_service
|
-installd_service
|
||||||
-netd_service
|
-netd_service
|
||||||
-virtual_touchpad_service
|
-virtual_touchpad_service
|
||||||
-vold_service
|
-vold_service
|
||||||
-vr_hwc_service
|
-vr_hwc_service
|
||||||
}:service_manager find;
|
}:service_manager find;
|
||||||
|
|
||||||
dontaudit traceur_app service_manager_type:service_manager find;
|
dontaudit traceur_app service_manager_type:service_manager find;
|
||||||
dontaudit traceur_app hwservice_manager_type:hwservice_manager find;
|
dontaudit traceur_app hwservice_manager_type:hwservice_manager find;
|
||||||
dontaudit traceur_app domain:binder call;
|
dontaudit traceur_app domain:binder call;
|
||||||
')
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue