userdebug: support perfetto traces as a section in incident reports

This set of patches adds a way for the perfetto command line client to
save a trace to a hardcoded location,
/data/misc/perfetto-traces/incident-trace, and call into incidentd to
start a report, which will include said trace in a new section.

This is not a long-term solution, and is structured to minimize changes
to perfetto and incidentd. The latter is currently architected in a way
where it can only pull pre-defined information out of the system, so
we're resorting to persisting the intermediate results in a hardcoded
location.

This will introduce at most two more linked files at the same time.

Bug: 130543265
Bug: 134706389
Tested: manually on crosshatch-userdebug
Merged-In: I2aa27e25f0209b3a5cdf5d550d0312693932b808
Change-Id: I2aa27e25f0209b3a5cdf5d550d0312693932b808
(cherry picked from commit ce3a33ff182ce49cf91091cea553a3003d2c20f6)

diff --git a/private/incidentd.te b/private/incidentd.te
index 7b38911..a5d7942 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -49,6 +49,13 @@
allow incidentd stats_service:service_manager find;
binder_call(incidentd, statsd)
+# section id 3026, allow reading /data/misc/perfetto-traces.
+# TODO(b/134706389): remove when no longer used.
+userdebug_or_eng(`
+ allow incidentd perfetto_traces_data_file:dir r_dir_perms;
+ allow incidentd perfetto_traces_data_file:file r_file_perms;
+');
+
# Create and write into /data/misc/incidents
allow incidentd incident_data_file:dir rw_dir_perms;
allow incidentd incident_data_file:file create_file_perms;
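Review bot: In the new userdebug_or_eng block, "allow incidentd perfetto_traces_data_file:dir r_dir_perms;" grants more than the stated use needs. The commit message says incidentd reads one file at a fixed path, /data/misc/perfetto-traces/incident-trace, and opening a known path only requires search on the directory, while r_dir_perms also lets incidentd list it. The file rule is likewise type-wide, so incidentd can read every file labelled perfetto_traces_data_file, not just incident-trace. Suggest narrowing the dir rule to search, and either giving the incident trace its own type or stating in the comment that all traces in the directory become readable by incidentd on userdebug/eng builds.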
@@ -146,12 +153,14 @@
### neverallow rules
###
-# only dumpstate, system_server, system_app and incident command can find the incident service
+# only specific domains can find the incident service
+# TODO(b/134706389): remove "perfetto" when no longer used.
neverallow {
domain
-dumpstate
-incident
-incidentd
+ userdebug_or_eng(`-perfetto')
-priv_app
-statsd
-system_app
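Review bot: The rewritten comment above the neverallow, "# only specific domains can find the incident service", drops the list of domains that the old comment spelled out, so a reader now has to parse the exclusion set to learn who is exempt. Suggest keeping the enumerated list and adding perfetto with a "userdebug/eng only" qualifier. The exemption itself is gated with userdebug_or_eng, which matches the gate on the incidentd allow rules; the allow rule that lets perfetto find the service should carry the same gate and the same TODO(b/134706389) so that both are removed together.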