Fix running simpleperf_app_runner on user device.
Bug: 118835348
Test: build and boot blueline user device.
Test: test simpleperf_app_runner manually.
Change-Id: I022d7f10f6164e6980f55badd4edcdc76a73c004
diff --git a/public/domain.te b/public/domain.te
index 1816c81..d112003 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1253,6 +1253,7 @@
-dumpstate
-init
-installd
+ -simpleperf_app_runner
-system_server # why?
userdebug_or_eng(`-uncrypt')
} shell_data_file:dir { open search };
diff --git a/public/simpleperf_app_runner.te b/public/simpleperf_app_runner.te
index cabf04b..9f8e6e4 100644
--- a/public/simpleperf_app_runner.te
+++ b/public/simpleperf_app_runner.te
@@ -25,6 +25,14 @@
# determine which domain to transition to.
allow simpleperf_app_runner seapp_contexts_file:file r_file_perms;
+# simpleperf_app_runner passes pipe fds.
+allow simpleperf_app_runner shell:fifo_file read;
+
+# simpleperf_app_runner checks shell data paths.
+# simpleperf_app_runner passes shell data fds.
+allow simpleperf_app_runner shell_data_file:dir { getattr search };
+allow simpleperf_app_runner shell_data_file:file { getattr write };
+
###
### neverallow rules
###