allow WifiService to use tracing on user builds
Previously, we'd restricted WifiService's use of
the kernel's tracing feature to just userdebug_or_eng
builds.
This restriction was in place because the feature
had not yet been reviewed from a privacy perspective.
Now that the feature has passed privacy review, enable
the feature on all builds.
Note that other safeguards remain in place (on all
builds):
- The set of events to be monitored is configured by
init, rather than WifiService (part of system_server).
This privilege separation prevents a compromised
system_server from tracing additional information.
- The trace events are kept only in RAM, until/unless
WifiService receives a dump request. (This would happen,
for example, in the case of adb dumpsys, or generating
a bugreport.)
Bug: 35679234
Test: manual (see below)
Manual test details:
- flash device
- connect device to a wifi network
$ adb shell dumpsys wifi | grep rdev_connect
[should see at least one matching line]
Change-Id: I85070054857d75177d0bcdeb9b2c95bfd7e3b6bc
diff --git a/private/system_server.te b/private/system_server.te
index 5db6850..f16cd2d 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -629,11 +629,9 @@
allow system_server sysfs_leds:dir r_dir_perms;
###
-userdebug_or_eng(`
- # Allow WifiService to start, stop, and read wifi-specific trace events.
- allow system_server debugfs_tracing_instances:dir search;
- allow system_server debugfs_wifi_tracing:file rw_file_perms;
-')
+# Allow WifiService to start, stop, and read wifi-specific trace events.
+allow system_server debugfs_tracing_instances:dir search;
+allow system_server debugfs_wifi_tracing:file rw_file_perms;
###
### Neverallow rules