357c1617f7
atrace and its atrace_exec now exist only in private policy.
Test: No change to policy according to sesearch, except for
disappearance of all allow rules to do with atrace_current
which is expected now that atrace cannot be referenced from
public or vendor policy.
Bug: 31364497
Change-Id: Ib726bcf73073083420c7c065cbd39dcddd7cabe3
24 lines
701 B
Text
24 lines
701 B
Text
# Domain for atrace process spawned by boottrace service.
|
|
|
|
type atrace_exec, exec_type, file_type;
|
|
|
|
userdebug_or_eng(`
|
|
type atrace, domain, domain_deprecated;
|
|
|
|
init_daemon_domain(atrace)
|
|
|
|
# boottrace services uses /data/misc/boottrace/categories
|
|
allow atrace boottrace_data_file:dir search;
|
|
allow atrace boottrace_data_file:file r_file_perms;
|
|
|
|
# atrace reads the files in /sys/kernel/debug/tracing/
|
|
allow atrace debugfs_tracing:file r_file_perms;
|
|
|
|
# atrace sets debug.atrace.* properties
|
|
set_prop(atrace, debug_prop)
|
|
|
|
# atrace pokes all the binder-enabled processes at startup.
|
|
binder_use(atrace)
|
|
allow atrace healthd:binder call;
|
|
allow atrace surfaceflinger:binder call;
|
|
')
|