Create directory for shell<>perfetto interaction Users are unable to pass config files directly to perfetto via `perfetto -c /path/to/config` and have to resort to awkward quirks like `cat config | perfetto -c -'. This is because /system/bin/perfetto runs in its own SELinux domain for reasons explained in the bug. This causes problem to test infrastructures authors. Instead of allowing the use of /data/local/tmp which is too ill-scoped we create a dedicated folder and allow only shell and perfetto to operate on it. Bug: 170404111 Test: manual, see aosp/1459023 Change-Id: I6fefe066f93f1f389c6f45bd18214f8e8b07079e

commit: 512bdb9c1b7c5eefdd07e7d1cda7f5944822cf7f [log] [tgz]
author: Primiano Tucci <primiano@google.com> Tue Oct 13 21:13:09 2020 +0100
committer: Primiano Tucci <primiano@google.com> Tue Oct 13 21:27:27 2020 +0000
tree: 6dfb821f18a42af64c40fd22b5efac5610adfcf8
parent: bf908d3be5705a664f6dab0a9510a92a62ffcbb3 [diff] [blame]
diff --git a/private/shell.te b/private/shell.te
index dff6a9f..cea5301 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -52,6 +52,10 @@
 allow shell perfetto_traces_data_file:dir rw_dir_perms;
 allow shell perfetto_traces_data_file:file { r_file_perms unlink };
 
+# Allow shell to create/remove configs stored in /data/misc/perfetto-configs.
+allow shell perfetto_configs_data_file:dir rw_dir_perms;
+allow shell perfetto_configs_data_file:file create_file_perms;
+
 # Allow shell to run adb shell cmd gpu commands.
 binder_call(shell, gpuservice);
commit	512bdb9c1b7c5eefdd07e7d1cda7f5944822cf7f	[log] [tgz]
author	Primiano Tucci <primiano@google.com>	Tue Oct 13 21:13:09 2020 +0100
committer	Primiano Tucci <primiano@google.com>	Tue Oct 13 21:27:27 2020 +0000
tree	6dfb821f18a42af64c40fd22b5efac5610adfcf8
parent	bf908d3be5705a664f6dab0a9510a92a62ffcbb3 [diff] [blame]