typeattribute traceur_app coredomain;

app_domain(traceur_app);
allow traceur_app debugfs_tracing:file rw_file_perms;
allow traceur_app debugfs_tracing_debug:dir r_dir_perms;

userdebug_or_eng(`
  allow traceur_app debugfs_tracing_debug:file rw_file_perms;
')

allow traceur_app trace_data_file:file create_file_perms;
allow traceur_app trace_data_file:dir rw_dir_perms;
allow traceur_app wm_trace_data_file:dir rw_dir_perms;
allow traceur_app wm_trace_data_file:file { getattr r_file_perms unlink };
allow traceur_app atrace_exec:file rx_file_perms;

# To exec the perfetto cmdline client and pass it the trace config on
# stdint through a pipe.
allow traceur_app perfetto_exec:file rx_file_perms;

# Allow to access traced's privileged consumer socket.
unix_socket_connect(traceur_app, traced_consumer, traced)

dontaudit traceur_app debugfs_tracing_debug:file audit_access;

set_prop(traceur_app, debug_prop)

allow traceur_app servicemanager:service_manager list;
allow traceur_app hwservicemanager:hwservice_manager list;

allow traceur_app {
  service_manager_type
  -apex_service
  -dnsresolver_service
  -gatekeeper_service
  -incident_service
  -installd_service
  -lpdump_service
  -mdns_service
  -netd_service
  -virtual_touchpad_service
  -vold_service
  -default_android_service
}:service_manager find;

# Allow traceur_app to use atrace HAL
hal_client_domain(traceur_app, hal_atrace)

dontaudit traceur_app service_manager_type:service_manager find;
dontaudit traceur_app hwservice_manager_type:hwservice_manager find;
dontaudit traceur_app domain:binder call;