Allow shell + priv_app to traverse /data/misc/perfetto-traces
This is a follow-up to r.android.com/1542764.
1. In order to allow priv_app to
stat(/data/misc/perfetto-traces/bugreport/*) we need
also the `search` permission to traverse the parent
directory /data/misc/perfetto-traces.
2. Allow shell to read the new bugreport/ directory.
shell can read bugreports anyways and this is needed
for CTS tests.
Bug: 177761174
Bug: 177684571
Test: manual (changpa@)
Change-Id: I39d6a1c7941bcdcdc314a7538c0accfd37c52ca2
diff --git a/private/priv_app.te b/private/priv_app.te
index dde8f09..46362a0 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -72,6 +72,8 @@
# in progress.
allow priv_app perfetto_traces_bugreport_data_file:dir r_dir_perms;
allow priv_app perfetto_traces_bugreport_data_file:file { getattr };
+# Required to traverse the parent dir (/data/misc/perfetto-traces).
+allow priv_app perfetto_traces_data_file:dir { search };
# Allow verifier to access staged apks.
allow priv_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
diff --git a/private/shell.te b/private/shell.te
index 73aac1d..e6038b1 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -51,6 +51,9 @@
# Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
allow shell perfetto_traces_data_file:dir rw_dir_perms;
allow shell perfetto_traces_data_file:file { r_file_perms unlink };
+# ... and /data/misc/perfetto-traces/bugreport/ .
+allow shell perfetto_traces_bugreport_data_file:dir rw_dir_perms;
+allow shell perfetto_traces_bugreport_data_file:file { r_file_perms unlink };
# Allow shell to create/remove configs stored in /data/misc/perfetto-configs.
allow shell perfetto_configs_data_file:dir rw_dir_perms;