Correct hal_configstore label used in profiler rules
hal_configstore_server is what we want to exclude to avoid conflicting
with public/hal_configstore.te neverallows on socket operations. I used
the wrong label in aosp/2419280, but it happened to also cover
hal_configstore_server in the final device sepolicy.
The logical error was caught by CtsSecurityHostTestCases:
Warning! Type or attribute hal_configstore used in neverallow
undefined in policy being checked
Bug: 247858731
Bug: 269707771
Tested: built panther-user
Change-Id: I244e597939478d75f8437e82ff854a5d96c32a87
diff --git a/private/domain.te b/private/domain.te
index b858d4e..943b856 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -38,7 +38,7 @@
can_profile_heap({
dumpable_domain
-app_zygote
- -hal_configstore
+ -hal_configstore_server
-logpersist
-recovery
-recovery_persist
@@ -51,7 +51,7 @@
can_profile_perf({
dumpable_domain
-app_zygote
- -hal_configstore
+ -hal_configstore_server
-webview_zygote
-zygote
})
diff --git a/private/heapprofd.te b/private/heapprofd.te
index 1b41823..718ce81 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -53,7 +53,7 @@
app_zygote
bpfloader
diced
- hal_configstore
+ hal_configstore_server
init
kernel
keystore
diff --git a/private/traced_perf.te b/private/traced_perf.te
index 080b6fe..31fa620 100644
--- a/private/traced_perf.te
+++ b/private/traced_perf.te
@@ -67,7 +67,7 @@
app_zygote
bpfloader
diced
- hal_configstore
+ hal_configstore_server
init
kernel
keystore