Add sepolicy rules for hyp ftrace instance
We will start with simple sepolicy that applies debugfs_tracing label
for any file under /sys/kernel/tracing/hyp (for tracefs) or
/sys/kernel/debug/tracing/hyp (for debugfs), as so far everybody that
can do tracing in Android should be able to also trace hypervisor.
If in the future we decide that this is not the case, we can always
introduce a new hyp-tracing specific label.
Bug: 249050813
Test: adb shell -alZ /sys/kernel/tracing/hyp
Test: collect hyp traces via perfetto
Change-Id: I16d8faf212858eab0aab54c22d143461aae90482
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 08aa5a8..f5a92ac 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -187,6 +187,9 @@
genfscon debugfs /tracing/per_cpu/cpu u:object_r:debugfs_tracing:s0
genfscon tracefs /per_cpu/cpu u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/hyp u:object_r:debugfs_tracing:s0
+genfscon tracefs /hyp u:object_r:debugfs_tracing:s0
+
genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0
genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0
genfscon debugfs /tracing/instances/bootreceiver u:object_r:debugfs_bootreceiver_tracing:s0