Allow heapprofd to read system_file_type.
Heapprofd needs to read binary files and library in order to support
unwinding the stack. sytem_file does not include all thes files, e.g.
zygote_exec is only labeled as system_file_type.
Denials:
12-03 10:50:37.485 9263 9263 I heapprofd: type=1400 audit(0.0:177): avc: denied { read } for name="app_process64" dev="dm-0" ino=2286 scontext=u:r:heapprofd:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
12-03 10:50:37.485 9263 9263 I heapprofd: type=1400 audit(0.0:178): avc: denied { open } for path="/system/bin/app_process64" dev="dm-0" ino=2286 scontext=u:r:heapprofd:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
12-03 10:50:37.485 9263 9263 I heapprofd: type=1400 audit(0.0:179): avc: denied { getattr } for path="/system/bin/app_process64" dev="dm-0" ino=2286 scontext=u:r:heapprofd:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
Change-Id: Ie04b722a78ff6367729930ee0ef96f48ccf6aa55
Bug: 117762471
diff --git a/private/heapprofd.te b/private/heapprofd.te
index 30ad7f1..b7013d7 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -13,10 +13,10 @@
# Executables and libraries.
# These are needed to read the ELF binary data needed for unwinding.
- allow heapprofd system_file:file r_file_perms;
- allow heapprofd apk_data_file:file r_file_perms;
- allow heapprofd dalvikcache_data_file:file r_file_perms;
- allow heapprofd vendor_file_type:file r_file_perms;
+ r_dir_file(heapprofd, system_file_type)
+ r_dir_file(heapprofd, apk_data_file)
+ r_dir_file(heapprofd, dalvikcache_data_file)
+ r_dir_file(heapprofd, vendor_file_type)
')
# Write trace data to the Perfetto traced damon. This requires connecting to its