init.te: allow writing to /sys/kernel/debug/tracing/tracing_on
Needed to disable tracing. See frameworks/native/cmds/atrace/atrace.rc
Also allow shell getattr access to the tracing file. That way
"ls -la" returns something meaningful.
Bug: 26217098
Change-Id: I4eee1aff1127db8945612133c8ae16c34cfbb786
diff --git a/init.te b/init.te
index 464f088..555fc30 100644
--- a/init.te
+++ b/init.te
@@ -108,6 +108,9 @@
allow init dev_type:dir create_dir_perms;
allow init dev_type:lnk_file create;
+# Disable tracing by writing to /sys/kernel/debug/tracing/tracing_on
+allow init debugfs_tracing:file w_file_perms;
+
# chown/chmod on pseudo files.
allow init { fs_type -contextmount_type -sdcard_type -rootfs }:file { open read setattr };
allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir { open read setattr search };
diff --git a/shell.te b/shell.te
index ebd702b..f87027d 100644
--- a/shell.te
+++ b/shell.te
@@ -71,6 +71,7 @@
# systrace support - allow atrace to run
allow shell debugfs_tracing:dir r_dir_perms;
allow shell debugfs_tracing:file rw_file_perms;
+allow shell debugfs_trace_marker:file getattr;
allow shell atrace_exec:file rx_file_perms;
userdebug_or_eng(`