Allow incidentd to attach perfetto traces on user.
Bug: 151140716
Change-Id: I821d1a504e6ffcea3a52e2c76bf2290e7b382a48
diff --git a/private/incidentd.te b/private/incidentd.te
index 8924d83..c379fa2 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -50,11 +50,8 @@
binder_call(incidentd, statsd)
# section id 3026, allow reading /data/misc/perfetto-traces.
-# TODO(b/134706389): remove when no longer used.
-userdebug_or_eng(`
- allow incidentd perfetto_traces_data_file:dir r_dir_perms;
- allow incidentd perfetto_traces_data_file:file r_file_perms;
-');
+allow incidentd perfetto_traces_data_file:dir r_dir_perms;
+allow incidentd perfetto_traces_data_file:file r_file_perms;
# Create and write into /data/misc/incidents
allow incidentd incident_data_file:dir rw_dir_perms;
@@ -176,13 +173,12 @@
###
# only specific domains can find the incident service
-# TODO(b/134706389): remove "perfetto" when no longer used.
neverallow {
domain
-dumpstate
-incident
-incidentd
- userdebug_or_eng(`-perfetto')
+ -perfetto
-permissioncontroller_app
-priv_app
-statsd
diff --git a/private/perfetto.te b/private/perfetto.te
index 58cfae8..25c70d2 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -44,11 +44,8 @@
allow perfetto devpts:chr_file rw_file_perms;
# Allow perfetto to ask incidentd to start a report.
-# TODO(b/134706389): remove when no longer used.
-userdebug_or_eng(`
- allow perfetto incident_service:service_manager find;
- binder_call(perfetto, incidentd)
-');
+allow perfetto incident_service:service_manager find;
+binder_call(perfetto, incidentd)
# perfetto log formatter calls isatty() on its stderr. Denial when running
# under adbd is harmless. Avoid generating denial logs.