commit 58d6929bf1a721641a8d423ea88af3fc9bf72310
author Joel Galenson <jgalenson@google.com> Thu Jul 06 10:59:11 2017 -0700
committer Joel Galenson <jgalenson@google.com> Thu Jul 06 10:59:11 2017 -0700
tree 0e167500fdb11f7e56bbb693c6644a3f1858d897
parent a7e8eb981f413a3edbb20ceba6c639fae3edb259

Fix incorrect SELinux labeling.

When moving SELinux rules from file_contexts to genfs_contexts, we
added some genfs rules to label specific files.  It turns out that one
of those files was the prefix of some other files, and since genfs
does prefix-labeling, those other files had their labels changed.

To fix this, we are changing the whole tracefs /instances/wifi from
debugfs_tracing_instances to debugfs_wifi_tracing (a few of the files
already had this label).  This simplifies the rules.

Bug: 62413700
Test: Built, flashed, and booted two devices.  Verified that the files
have the correct context and that wifi, camera, and traceur work.

Change-Id: Id62db079f439ae8c531b44d1184eea26d5b760c3

private/genfs_contexts

diff --git a/private/genfs_contexts b/private/genfs_contexts
index 07c31ab..3914cec 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -68,12 +68,8 @@
 genfscon debugfs /tracing                             u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/instances                   u:object_r:debugfs_tracing_instances:s0
 genfscon tracefs /instances                           u:object_r:debugfs_tracing_instances:s0
-genfscon debugfs /tracing/instances/wifi/free_buffer  u:object_r:debugfs_wifi_tracing:s0
-genfscon debugfs /tracing/instances/wifi/trace        u:object_r:debugfs_wifi_tracing:s0
-genfscon debugfs /tracing/instances/wifi/tracing_on   u:object_r:debugfs_wifi_tracing:s0
-genfscon tracefs /instances/wifi/free_buffer          u:object_r:debugfs_wifi_tracing:s0
-genfscon tracefs /instances/wifi/trace                u:object_r:debugfs_wifi_tracing:s0
-genfscon tracefs /instances/wifi/tracing_on           u:object_r:debugfs_wifi_tracing:s0
+genfscon debugfs /tracing/instances/wifi              u:object_r:debugfs_wifi_tracing:s0
+genfscon tracefs /instances/wifi                      u:object_r:debugfs_wifi_tracing:s0
 genfscon debugfs /tracing/trace_marker                u:object_r:debugfs_trace_marker:s0
 genfscon tracefs /trace_marker                        u:object_r:debugfs_trace_marker:s0
 

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index e06fe4c..f99deb7 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -679,6 +679,7 @@
 
 # Allow WifiService to start, stop, and read wifi-specific trace events.
 allow system_server debugfs_tracing_instances:dir search;
+allow system_server debugfs_wifi_tracing:dir search;
 allow system_server debugfs_wifi_tracing:file rw_file_perms;
 
 # allow system_server to exec shell, asanwrapper & zygote(app_process) on ASAN builds. Needed to run