From bb197bba02aa4e08ac50c09d7c87879808c513ab Mon Sep 17 00:00:00 2001
From: Lalit Maganti <lalitm@google.com>
Date: Tue, 1 Feb 2022 16:01:07 +0000
Subject: [PATCH] sepolicy: Allow system domains to be profiled

Bug: 217368496
Doc: go/field-tracing-t
Change-Id: Ie95c0cc2b1f9e8fa03f6112818936af692edf584
---
 private/gmscore_app.te   | 5 +++++
 private/platform_app.te  | 4 ++++
 private/system_server.te | 5 +++++
 3 files changed, 14 insertions(+)

diff --git a/private/gmscore_app.te b/private/gmscore_app.te
index 36cccdf63..a05f3defc 100644
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@@ -5,6 +5,11 @@ typeattribute gmscore_app coredomain;
 
 app_domain(gmscore_app)
 
+# TODO(b/217368496): remove this.
+perfetto_producer(gmscore_app)
+can_profile_heap(gmscore_app)
+can_profile_perf(gmscore_app)
+
 allow gmscore_app sysfs_type:dir search;
 # Read access to /sys/class/net/wlan*/address
 r_dir_file(gmscore_app, sysfs_net)
diff --git a/private/platform_app.te b/private/platform_app.te
index 9764eabad..20c9820ce 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -109,6 +109,10 @@ dontaudit platform_app debugfs_tracing:file rw_file_perms;
 # Allow platform apps to act as Perfetto producers.
 perfetto_producer(platform_app)
 
+# TODO(b/217368496): remove this.
+can_profile_heap(platform_app)
+can_profile_perf(platform_app)
+
 # Allow platform apps to create VMs
 virtualizationservice_use(platform_app)
 
diff --git a/private/system_server.te b/private/system_server.te
index 7024c5ac0..f70744d1c 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -14,6 +14,11 @@ tmpfs_domain(system_server)
 
 userfaultfd_use(system_server)
 
+# TODO(b/217368496): remove this.
+perfetto_producer(system_server)
+can_profile_heap(system_server)
+can_profile_perf(system_server)
+
 # Create a socket for connections from crash_dump.
 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";