d77fec4796
Bug: 141704436
Test:
blueline:/ $ ls -lZa /data/misc/perfetto-traces
total 186
drwxrwx-wx 2 root shell u:object_r:perfetto_traces_data_file:s0 3488 2019-09-30 14:12 .
drwxrwx--t 46 system misc u:object_r:system_data_file:s0 3488 2019-09-30 14:08 ..
-rw------- 1 shell shell u:object_r:perfetto_traces_data_file:s0 180467 2019-09-30 14:12 profile-shell
blueline:/ $ rm /data/misc/perfetto-traces/profile-shell
rm ro /data/misc/perfetto-traces/profile-shell (y/N):y
blueline:/ $ ls -lZa /data/misc/perfetto-traces
total 6
drwxrwx-wx 2 root shell u:object_r:perfetto_traces_data_file:s0 3488 2019-09-30 14:13 .
drwxrwx--t 46 system misc u:object_r:system_data_file:s0 3488 2019-09-30 14:08 ..
blueline:/ $
Cherry pick of c069bc134e
Change-Id: Ia710068c3cca53a415347fb0a7064740e500d15d
Merged-In: Ia710068c3cca53a415347fb0a7064740e500d15d
76 lines
2.4 KiB
Text
76 lines
2.4 KiB
Text
typeattribute shell coredomain;
|
|
|
|
# allow shell input injection
|
|
allow shell uhid_device:chr_file rw_file_perms;
|
|
|
|
# systrace support - allow atrace to run
|
|
allow shell debugfs_tracing_debug:dir r_dir_perms;
|
|
allow shell debugfs_tracing:dir r_dir_perms;
|
|
allow shell debugfs_tracing:file rw_file_perms;
|
|
allow shell debugfs_trace_marker:file getattr;
|
|
allow shell atrace_exec:file rx_file_perms;
|
|
|
|
userdebug_or_eng(`
|
|
allow shell debugfs_tracing_debug:file rw_file_perms;
|
|
')
|
|
|
|
# read config.gz for CTS purposes
|
|
allow shell config_gz:file r_file_perms;
|
|
|
|
# Run app_process.
|
|
# XXX Transition into its own domain?
|
|
app_domain(shell)
|
|
|
|
# allow shell to call dumpsys storaged
|
|
binder_call(shell, storaged)
|
|
|
|
# Perform SELinux access checks, needed for CTS
|
|
selinux_check_access(shell)
|
|
selinux_check_context(shell)
|
|
|
|
# Control Perfetto traced and obtain traces from it.
|
|
# Needed for Studio and debugging.
|
|
unix_socket_connect(shell, traced_consumer, traced)
|
|
|
|
# Allow shell binaries to write trace data to Perfetto. Used for testing and
|
|
# cmdline utils.
|
|
allow shell traced:fd use;
|
|
allow shell traced_tmpfs:file { read write getattr map };
|
|
unix_socket_connect(shell, traced_producer, traced)
|
|
|
|
domain_auto_trans(shell, vendor_shell_exec, vendor_shell)
|
|
|
|
# Allow shell binaries to exec the perfetto cmdline util and have that
|
|
# transition into its own domain, so that it behaves consistently to
|
|
# when exec()-d by statsd.
|
|
domain_auto_trans(shell, perfetto_exec, perfetto)
|
|
# Allow to send SIGINT to perfetto when daemonized.
|
|
allow shell perfetto:process signal;
|
|
|
|
# Allow shell to run adb shell cmd stats commands. Needed for CTS.
|
|
binder_call(shell, statsd);
|
|
|
|
# Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
|
|
allow shell perfetto_traces_data_file:dir rw_dir_perms;
|
|
allow shell perfetto_traces_data_file:file r_file_perms;
|
|
|
|
# Allow shell to run adb shell cmd gpu commands.
|
|
binder_call(shell, gpuservice);
|
|
|
|
# Allow shell to use atrace HAL
|
|
hal_client_domain(shell, hal_atrace)
|
|
|
|
# For hostside tests such as CTS listening ports test.
|
|
allow shell proc_net_tcp_udp:file r_file_perms;
|
|
|
|
# The dl.exec_linker* tests need to execute /system/bin/linker
|
|
# b/124789393
|
|
allow shell system_linker_exec:file rx_file_perms;
|
|
|
|
# Renderscript host side tests depend on being able to execute
|
|
# /system/bin/bcc (b/126388046)
|
|
allow shell rs_exec:file rx_file_perms;
|
|
|
|
# Allow shell to start and comminicate with lpdumpd.
|
|
set_prop(shell, lpdumpd_prop);
|
|
binder_call(shell, lpdumpd)
|