Use a whitelisting strategy for tracefs.

This changes tracefs files to be default-enabled in debug mode, but
default-disabled with specific files enabled in user mode.

Bug: 64762598
Test: Successfully took traces in user mode.

Change-Id: I572ea22253e0c1e42065fbd1d2fd7845de06fceb
diff --git a/private/shell.te b/private/shell.te
index 7a7ebf4..9b7235b 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -4,18 +4,19 @@
 allow shell uhid_device:chr_file rw_file_perms;
 
 # systrace support - allow atrace to run
+allow shell debugfs_tracing_debug:dir r_dir_perms;
 allow shell debugfs_tracing:dir r_dir_perms;
 allow shell debugfs_tracing:file rw_file_perms;
 allow shell debugfs_trace_marker:file getattr;
 allow shell atrace_exec:file rx_file_perms;
 
-# read config.gz for CTS purposes
-allow shell config_gz:file r_file_perms;
-
 userdebug_or_eng(`
   allow shell debugfs_tracing_debug:file rw_file_perms;
 ')
 
+# read config.gz for CTS purposes
+allow shell config_gz:file r_file_perms;
+
 # Run app_process.
 # XXX Transition into its own domain?
 app_domain(shell)
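Review bot: The added `allow shell debugfs_tracing_debug:dir r_dir_perms;` sits outside the `userdebug_or_eng` block, so on user builds the shell domain can still open and list directories labelled `debugfs_tracing_debug`, even though file access to that type stays debug-only. If the rule exists only so atrace can traverse to the whitelisted `debugfs_tracing` files, as the description suggests, `search` alone may be enough: `allow shell debugfs_tracing_debug:dir search;`, with the full `r_dir_perms` moved inside `userdebug_or_eng`. Either way, a comment above the rule should state the reason, e.g. `# directories under tracefs keep the default debugfs_tracing_debug label; dir access is needed on user builds to reach the whitelisted debugfs_tracing files`. The labelling itself is not visible in this hunk, so that reasoning is inferred and should be confirmed against the file contexts changed in the same commit.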