Configure sepolicy for TracingServiceProxy
Configures sepolicy to allow for the new TracingServiceProxy system
services, and to allow Perfetto to access the service.
Bug: 175591887
Test: Validated the service started successfullyy, and invoked via CLI
Change-Id: Idb6438948a9d96063f8455544b97ef66267cde23
diff --git a/private/service.te b/private/service.te
index 821b740..7f692f3 100644
--- a/private/service.te
+++ b/private/service.te
@@ -8,4 +8,5 @@
type stats_service, service_manager_type;
type statscompanion_service, system_server_service, service_manager_type;
type statsmanager_service, system_api_service, system_server_service, service_manager_type;
+type tracingproxy_service, system_server_service, service_manager_type;
type uce_service, service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index 5369b54..dc6985d 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -259,6 +259,7 @@
time_zone_detector u:object_r:timezonedetector_service:s0
timezone u:object_r:timezone_service:s0
thermalservice u:object_r:thermal_service:s0
+tracing.proxy u:object_r:tracingproxy_service:s0
transformer u:object_r:transformer_service:s0
trust u:object_r:trust_service:s0
tv_input u:object_r:tv_input_service:s0
diff --git a/private/traced.te b/private/traced.te
index 89d3cd2..aa16966 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -37,6 +37,11 @@
allow traced traceur_app:fd use;
allow traced trace_data_file:file { read write };
+# Allow perfetto to access the proxy service for notifying Traceur.
+allow traced tracingproxy_service:service_manager find;
+binder_use(traced);
+binder_call(traced, system_server);
+
# Allow iorapd to pass memfd descriptors to traced, so traced can directly
# write into the shmem buffer file without doing roundtrips over IPC.
allow traced iorapd:fd use;