# Domain for atrace process spawned by boottrace service. type atrace_exec, exec_type, file_type; userdebug_or_eng(` type atrace, domain; init_daemon_domain(atrace) # boottrace services uses /data/misc/boottrace/categories allow atrace boottrace_data_file:dir search; allow atrace boottrace_data_file:file r_file_perms; # atrace reads the files in /sys/kernel/debug/tracing/ allow atrace debugfs:file r_file_perms; # atrace sets debug.atrace.* properties set_prop(atrace, debug_prop) # atrace pokes all the binder-enabled processes at startup. binder_use(atrace) allow atrace healthd:binder call; allow atrace surfaceflinger:binder call; ')