Adding write permissions to traceur

Fixing denials that stopped traceur from being able to write to
debugfs_tracing. Also cleaning up general find denials for services that
traceur doesn't have permission to access.

Additionally, labeling /data/local/trace as a trace_data_file in order
to give traceur a UX friendly area to write its traces to now that it
will no longer be a shell user. It will be write/readable by traceur,
and deletable/readable by shell.

Test: Traceur functionality is not being blocked by selinux policy
Bug: 68126425
Change-Id: I201c82975a31094102e90bc81454d3c2a48fae36

diff --git a/private/traceur_app.te b/private/traceur_app.te
index 194a28f..83c77b4 100644
--- a/private/traceur_app.te
+++ b/private/traceur_app.te
@@ -2,6 +2,9 @@
userdebug_or_eng(`
app_domain(traceur_app);
- allow traceur_app debugfs_tracing:file r_file_perms;
+ allow traceur_app debugfs_tracing:file rw_file_perms;
+ allow traceur_app debugfs_tracing_debug:file rw_file_perms;
+ allow traceur_app trace_data_file:file create_file_perms;
+ allow traceur_app trace_data_file:dir { add_name search write };
allow traceur_app atrace_exec:file rx_file_perms;
')
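Review bot: The two trace_data_file rules are mismatched: `trace_data_file:file create_file_perms` includes unlink and rename, but the dir rule `{ add_name search write }` has no `remove_name`, so traceur_app is granted file permissions it cannot exercise. Since the commit message assigns deletion to shell, consider narrowing the file rule to `{ create rw_file_perms }` so the policy states the intended least privilege. The dir rule also omits `read`/`open`, so traceur_app can create and open files by name but not list the directory; if that is intentional, a one-line comment above these rules would help. A comment explaining why write access to debugfs_tracing and debugfs_tracing_debug is needed would also make the widening from `r_file_perms` to `rw_file_perms` easier to audit later. The `/data/local/trace` labeling and the shell-side rules described in the message are not in this hunk and should be checked against the same read/delete split.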