Enable Traceur on user builds.
Test: Standard Traceur workflow works successfully with no selinux denials on a user build. Bug: 64762598 Change-Id: I0dfe506d463b63d70c5bda03f8706041ea7ab448
This commit is contained in:
Jeff Vander Stoep
Carmen Jackson
parent
4ca98248ca
commit
de04528c3b
5 changed files with 26 additions and 26 deletions
|
|
@ -60,7 +60,7 @@ full_treble_only(`
|
|||
userdebug_or_eng(`-perfprofd')
|
||||
userdebug_or_eng(`-traced_probes')
|
||||
-shell
|
||||
userdebug_or_eng(`-traceur_app')
|
||||
-traceur_app
|
||||
} debugfs_tracing:file no_rw_file_perms;
|
||||
|
||||
# inotifyfs
|
||||
|
|
|
|||
|
|
@ -86,7 +86,7 @@ neverallow {
|
|||
-statsd
|
||||
-system_app
|
||||
-system_server
|
||||
userdebug_or_eng(`-traceur_app')
|
||||
-traceur_app
|
||||
} stats_service:service_manager find;
|
||||
|
||||
# Only statsd and the other root services in limited circumstances.
|
||||
|
|
|
|||
|
|
@ -1,10 +1,12 @@
|
|||
typeattribute traceur_app coredomain;
|
||||
|
||||
app_domain(traceur_app);
|
||||
allow traceur_app debugfs_tracing:file rw_file_perms;
|
||||
|
||||
userdebug_or_eng(`
|
||||
app_domain(traceur_app);
|
||||
allow traceur_app debugfs_tracing:file rw_file_perms;
|
||||
allow traceur_app debugfs_tracing_debug:file rw_file_perms;
|
||||
allow traceur_app trace_data_file:file create_file_perms;
|
||||
allow traceur_app trace_data_file:dir { add_name getattr search write };
|
||||
allow traceur_app atrace_exec:file rx_file_perms;
|
||||
')
|
||||
|
||||
allow traceur_app trace_data_file:file create_file_perms;
|
||||
allow traceur_app trace_data_file:dir { add_name getattr search write };
|
||||
allow traceur_app atrace_exec:file rx_file_perms;
|
||||
|
|
|
|||
|
|
@ -283,6 +283,6 @@ neverallow {
|
|||
domain
|
||||
-system_server
|
||||
-shell
|
||||
userdebug_or_eng(`-traceur_app')
|
||||
-traceur_app
|
||||
-dumpstate
|
||||
} dumpstate_service:service_manager find;
|
||||
|
|
|
|||
|
|
@ -1,12 +1,11 @@
|
|||
type traceur_app, domain;
|
||||
|
||||
userdebug_or_eng(`
|
||||
allow traceur_app servicemanager:service_manager list;
|
||||
allow traceur_app hwservicemanager:hwservice_manager list;
|
||||
allow traceur_app servicemanager:service_manager list;
|
||||
allow traceur_app hwservicemanager:hwservice_manager list;
|
||||
|
||||
set_prop(traceur_app, debug_prop)
|
||||
set_prop(traceur_app, debug_prop)
|
||||
|
||||
allow traceur_app {
|
||||
allow traceur_app {
|
||||
service_manager_type
|
||||
-gatekeeper_service
|
||||
-incident_service
|
||||
|
|
@ -15,9 +14,8 @@ userdebug_or_eng(`
|
|||
-virtual_touchpad_service
|
||||
-vold_service
|
||||
-vr_hwc_service
|
||||
}:service_manager find;
|
||||
}:service_manager find;
|
||||
|
||||
dontaudit traceur_app service_manager_type:service_manager find;
|
||||
dontaudit traceur_app hwservice_manager_type:hwservice_manager find;
|
||||
dontaudit traceur_app domain:binder call;
|
||||
')
|
||||
dontaudit traceur_app service_manager_type:service_manager find;
|
||||
dontaudit traceur_app hwservice_manager_type:hwservice_manager find;
|
||||
dontaudit traceur_app domain:binder call;
|
||||
|
|
|
|||
Loading…
Reference in a new issue