Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 35c363897dee6ab1057f071bed816ca4bff09961^! / . / private
commit35c363897dee6ab1057f071bed816ca4bff09961[log] [tgz]
authorMax Bires <jbires@google.com>Mon Jan 15 16:44:04 2018 -0800
committerMax Bires <jbires@google.com>Mon Jan 22 21:06:36 2018 +0000
tree8c18c23c7644fd7ce523fca749bab35aee65ff80
parent8bda3dfaa161ad3b579383ed9e7313c50806b0fd [diff]
Adding write permissions to traceur

Fixing denials that stopped traceur from being able to write to
debugfs_tracing. Also cleaning up general find denials for services that
traceur doesn't have permission to access.

Additionally, labeling /data/local/trace as a trace_data_file in order
to give traceur a UX friendly area to write its traces to now that it
will no longer be a shell user. It will be write/readable by traceur,
and deletable/readable by shell.

Test: Traceur functionality is not being blocked by selinux policy
Bug: 68126425
Change-Id: I201c82975a31094102e90bc81454d3c2a48fae36

diff --git a/private/adbd.te b/private/adbd.te
index 9dcfc81..77c0d73 100644
--- a/private/adbd.te
+++ b/private/adbd.te

@@ -36,6 +36,10 @@
 allow adbd shell_data_file:dir create_dir_perms;
 allow adbd shell_data_file:file create_file_perms;
 
+# adb pull /data/local/traces/*
+allow adbd trace_data_file:dir r_dir_perms;
+allow adbd trace_data_file:file r_file_perms;
+
 # adb pull /data/misc/profman.
 allow adbd profman_dump_data_file:dir r_dir_perms;
 allow adbd profman_dump_data_file:file r_file_perms;

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 325a22a..7bab012 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil

@@ -79,6 +79,7 @@
     timezone_service
     tombstoned_java_trace_socket
     tombstone_wifi_data_file
+    trace_data_file
     traceur_app
     traceur_app_tmpfs
     traced

diff --git a/private/file_contexts b/private/file_contexts
index 6a94951..2113945 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -350,6 +350,7 @@
 /data/tombstones(/.*)?	u:object_r:tombstone_data_file:s0
 /data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0
 /data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
+/data/local/traces(/.*)?	u:object_r:trace_data_file:s0
 /data/media(/.*)?	u:object_r:media_rw_data_file:s0
 /data/mediadrm(/.*)?	u:object_r:media_data_file:s0
 /data/nativetest(/.*)?	u:object_r:nativetest_data_file:s0

diff --git a/private/traceur_app.te b/private/traceur_app.te
index 194a28f..83c77b4 100644
--- a/private/traceur_app.te
+++ b/private/traceur_app.te

@@ -2,6 +2,9 @@
 
 userdebug_or_eng(`
   app_domain(traceur_app);
-  allow traceur_app debugfs_tracing:file r_file_perms;
+  allow traceur_app debugfs_tracing:file rw_file_perms;
+  allow traceur_app debugfs_tracing_debug:file rw_file_perms;
+  allow traceur_app trace_data_file:file create_file_perms;
+  allow traceur_app trace_data_file:dir { add_name search write };
   allow traceur_app atrace_exec:file rx_file_perms;
 ')