Merge "Enable platform_app to use perfetto/trace_data_file permissions in debug/eng builds." into main am: 79d1388d86

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2924820

Change-Id: I984a94aa4b6267aafc49adaf5ae45c99869080a8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

private/platform_app.te

@@ -64,10 +64,24 @@ userdebug_or_eng(`
   auditallow platform_app proc_net_type:{ dir file lnk_file } { getattr open read };
 ')
 
+# Allow sharing traces to betterbug from /data/misc/wmtrace.
+userdebug_or_eng(`
+  allow platform_app trace_data_file:file create_file_perms;
+  allow platform_app trace_data_file:dir rw_dir_perms;
+')
+
 # Allow writing and removing wmshell protolog in /data/misc/wmtrace.
 userdebug_or_eng(`
   allow platform_app wm_trace_data_file:dir rw_dir_perms;
-  allow platform_app wm_trace_data_file:file { getattr setattr create unlink w_file_perms };
+  allow platform_app wm_trace_data_file:file { getattr setattr create unlink rw_file_perms };
+')
+
+
+# To exec the perfetto cmdline client and pass it the trace config on
+# stdint through a pipe. Allow to access traced's privileged consumer socket.
+userdebug_or_eng(`
+  allow platform_app perfetto_exec:file rx_file_perms;
+  unix_socket_connect(platform_app, traced_consumer, traced);
 ')
 
 allow platform_app audioserver_service:service_manager find;

private/traced.te

@@ -28,6 +28,7 @@ allow traced perfetto_traces_data_file:dir rw_dir_perms;
 # Allow traceur to pass open file descriptors to traced, so traced can directly
 # write into the output file without doing roundtrips over IPC.
 allow traced traceur_app:fd use;
+allow traced platform_app:fd use;
 allow traced trace_data_file:file { read write };
 
 # Allow perfetto to access the proxy service for notifying Traceur.
@@ -119,6 +120,7 @@ neverallow {
   -traced
   -dumpstate
   -traceur_app
+  -platform_app
   -shell
   -system_server
   -perfetto