Merge "Allow perfetto to write into perfetto_traces_bugreport_data_file"

commit: 252956dc37a28e76b881bdf8adbe648d80cccc42 [log] [tgz]
author: Primiano Tucci <primiano@google.com> Wed Mar 29 17:25:59 2023 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Mar 29 17:25:59 2023 +0000
tree: 175e31808cbd5074815dc324d31b06f364261f1f
parent: 1b4e9393d37afc415662d68097424610433660b5 [diff]
parent: 4b8710389f679210fdebafa4d4c41c71d0baf6a8 [diff]
diff --git a/private/perfetto.te b/private/perfetto.te
index 45fa60b..a87f2ad 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te

@@ -22,6 +22,10 @@
 allow perfetto perfetto_traces_data_file:dir rw_dir_perms;
 allow perfetto perfetto_traces_data_file:file create_file_perms;
 
+# Allow to write and unlink trace into /data/misc/perfetto-traces/bugreport*
+allow perfetto perfetto_traces_bugreport_data_file:file create_file_perms;
+allow perfetto perfetto_traces_bugreport_data_file:dir rw_dir_perms;
+
 # Allow perfetto to access the proxy service for reporting traces.
 allow perfetto tracingproxy_service:service_manager find;
 binder_use(perfetto)
@@ -117,6 +121,7 @@
   # neverallow. Currently only getattr and search are allowed.
   -vendor_data_file
   -perfetto_traces_data_file
+  -perfetto_traces_bugreport_data_file
   -perfetto_configs_data_file
   with_native_coverage(`-method_trace_data_file')
 }:dir *;
@@ -124,6 +129,7 @@
 neverallow perfetto {
   data_file_type
   -perfetto_traces_data_file
+  -perfetto_traces_bugreport_data_file
   -perfetto_configs_data_file
   with_native_coverage(`-method_trace_data_file')
 }:file ~write;

diff --git a/private/traced.te b/private/traced.te
index 171e092..fc75239 100644
--- a/private/traced.te
+++ b/private/traced.te

@@ -24,9 +24,6 @@
 # Allow the service to create new files within /data/misc/perfetto-traces.
 allow traced perfetto_traces_data_file:file create_file_perms;
 allow traced perfetto_traces_data_file:dir rw_dir_perms;
-# ... and /data/misc/perfetto-traces/bugreport*
-allow traced perfetto_traces_bugreport_data_file:file create_file_perms;
-allow traced perfetto_traces_bugreport_data_file:dir rw_dir_perms;
 
 # Allow traceur to pass open file descriptors to traced, so traced can directly
 # write into the output file without doing roundtrips over IPC.
@@ -89,7 +86,6 @@
 neverallow traced {
   data_file_type
   -perfetto_traces_data_file
-  -perfetto_traces_bugreport_data_file
   -system_data_file
   -system_data_root_file
   -media_userdir_file
@@ -104,7 +100,6 @@
 neverallow traced {
   data_file_type
   -perfetto_traces_data_file
-  -perfetto_traces_bugreport_data_file
   -trace_data_file
   with_native_coverage(`-method_trace_data_file')
 }:file ~write;
commit	252956dc37a28e76b881bdf8adbe648d80cccc42	[log] [tgz]
author	Primiano Tucci <primiano@google.com>	Wed Mar 29 17:25:59 2023 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Mar 29 17:25:59 2023 +0000
tree	175e31808cbd5074815dc324d31b06f364261f1f
parent	1b4e9393d37afc415662d68097424610433660b5 [diff]
parent	4b8710389f679210fdebafa4d4c41c71d0baf6a8 [diff]