tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/public/traceur_app.te
Max Bires 35c363897d Adding write permissions to traceur 
Fixing denials that stopped traceur from being able to write to
debugfs_tracing. Also cleaning up general find denials for services that
traceur doesn't have permission to access.

Additionally, labeling /data/local/trace as a trace_data_file in order
to give traceur a UX friendly area to write its traces to now that it
will no longer be a shell user. It will be write/readable by traceur,
and deletable/readable by shell.

Test: Traceur functionality is not being blocked by selinux policy
Bug: 68126425
Change-Id: I201c82975a31094102e90bc81454d3c2a48fae36
2018-01-22 21:06:36 +00:00

23 lines
615 B
Text
Raw Blame History

type traceur_app, domain;
userdebug_or_eng(`
allow traceur_app servicemanager:service_manager list;
allow traceur_app hwservicemanager:hwservice_manager list;
set_prop(traceur_app, debug_prop)
allow traceur_app {
service_manager_type
-gatekeeper_service
-incident_service
-installd_service
-netd_service
-virtual_touchpad_service
-vold_service
-vr_hwc_service
}:service_manager find;
dontaudit traceur_app service_manager_type:service_manager find;
dontaudit traceur_app hwservice_manager_type:hwservice_manager find;
dontaudit traceur_app domain:binder call;
')
Reference in a new issue View git blame Copy permalink