New type for printk_formats, allow traced_probes.
Test: ls -lZ /sys/kernel/tracing/printk_formats
[...] u:object_r:debugfs_tracing_printk_formats:s0 [...]
Test: setenforce 0;
runcon u:r:system_server:s0 cat /sys/kernel/tracing/printk_formats
logcat complains about /sys/kernel/tracing/printk_formats
Test: setenforce 0;
runcon u:r:traced_probes:s0 cat /sys/kernel/tracing/printk_formats
logcat does not complain about /sys/kernel/tracing/printk_formats
(need to setenforce 0, because otherwise the exec of ls is denied).
Bug: 70292203
Change-Id: I15ddef686f979c59daaba5263fa99aca3cd139e5
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index d46cd15..883b022 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1288,7 +1288,8 @@
(typeattributeset debugfs_mmc_30_0 (debugfs_mmc))
(typeattributeset debugfs_trace_marker_30_0 (debugfs_trace_marker))
(typeattributeset debugfs_tracing_30_0 (debugfs_tracing))
-(typeattributeset debugfs_tracing_debug_30_0 (debugfs_tracing_debug))
+(typeattributeset debugfs_tracing_debug_30_0 (debugfs_tracing_debug
+ debugfs_tracing_printk_formats))
(typeattributeset debugfs_tracing_instances_30_0 (debugfs_tracing_instances))
(typeattributeset debugfs_wakeup_sources_30_0 (debugfs_wakeup_sources))
(typeattributeset debugfs_wifi_tracing_30_0 (debugfs_wifi_tracing))
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 1b22725..83f76ca 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -173,6 +173,8 @@
genfscon debugfs /tracing/trace_marker u:object_r:debugfs_trace_marker:s0
genfscon tracefs /trace_marker u:object_r:debugfs_trace_marker:s0
genfscon debugfs /wakeup_sources u:object_r:debugfs_wakeup_sources:s0
+genfscon debugfs /tracing/printk_formats u:object_r:debugfs_tracing_printk_formats:s0
+genfscon tracefs /printk_formats u:object_r:debugfs_tracing_printk_formats:s0
genfscon debugfs /tracing/events/header_page u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0
diff --git a/private/traced_probes.te b/private/traced_probes.te
index f010a77..c669eba 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -14,6 +14,7 @@
allow traced_probes debugfs_tracing:dir r_dir_perms;
allow traced_probes debugfs_tracing:file rw_file_perms;
allow traced_probes debugfs_trace_marker:file getattr;
+allow traced_probes debugfs_tracing_printk_formats:file r_file_perms;
# TODO(primiano): temporarily I/O tracing categories are still
# userdebug only until we nail down the denylist/allowlist.
diff --git a/public/domain.te b/public/domain.te
index 4b245c6..0e5dde9 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1387,3 +1387,5 @@
-untrusted_app_25
-untrusted_app_27
} ashmem_device:chr_file open;
+
+neverallow { domain -traced_probes -init -vendor_init } debugfs_tracing_printk_formats:file *;
diff --git a/public/file.te b/public/file.te
index 0e61e8c..8ddaf2f 100644
--- a/public/file.te
+++ b/public/file.te
@@ -140,6 +140,7 @@
type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject;
type debugfs_tracing_debug, fs_type, debugfs_type, mlstrustedobject;
type debugfs_tracing_instances, fs_type, debugfs_type;
+type debugfs_tracing_printk_formats, fs_type, debugfs_type;
type debugfs_wakeup_sources, fs_type, debugfs_type;
type debugfs_wifi_tracing, fs_type, debugfs_type;
type securityfs, fs_type;