Add window trace files SELinux policy rules - Allow system_server to create and write to /data/misc/wmtrace/* - Allow surfaceflinger to create and write files from /data/misc/wmtrace/* - Allow dumpstate to read files from /data/misc/wmtrace/* permissions are restricted to userdebug or eng builds Bug: 64831661 Test: adb shell cmd window tracing start && adb shell cmd window tracing stop Test: adb shell su root service call SurfaceFlinger 1025 i32 1 >/dev/null && adb shell su root service call SurfaceFlinger 1025 i32 0 >/dev/null Test: adb bugreport ~/tmp.zip && adb shell su root dmesg | grep 'avc: ' Change-Id: I0b15166560739d73d7749201f3ad197dbcf5791c

commit: 2d6942d397f446fe080d6c97c21235124900f7d5 [log] [tgz]
author: Vishnu Nair <vishnun@google.com> Fri Nov 17 08:23:32 2017 -0800
committer: Nick Kralevich <nnk@google.com> Fri Nov 17 17:17:36 2017 +0000
tree: 8efe2cdb3e4a22ac2e14b45c265748bc6aa1c5d5
parent: 25576730c9d4c42eacb85fd01b157b03ca16a851 [diff] [blame]
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index ed67597..5fbd9ab 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te

@@ -52,6 +52,12 @@
 allow surfaceflinger appdomain:fd use;
 allow surfaceflinger app_data_file:file { read write };
 
+# Allow writing surface traces to /data/misc/wmtrace.
+userdebug_or_eng(`
+  allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
+  allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
+')
+
 # Use socket supplied by adbd, for cmd gpu vkjson etc.
 allow surfaceflinger adbd:unix_stream_socket { read write getattr };
commit	2d6942d397f446fe080d6c97c21235124900f7d5	[log] [tgz]
author	Vishnu Nair <vishnun@google.com>	Fri Nov 17 08:23:32 2017 -0800
committer	Nick Kralevich <nnk@google.com>	Fri Nov 17 17:17:36 2017 +0000
tree	8efe2cdb3e4a22ac2e14b45c265748bc6aa1c5d5
parent	25576730c9d4c42eacb85fd01b157b03ca16a851 [diff] [blame]