Refactor sepolicy to support central mode on user.

Functionally this is a no-op change.

This is a cherry-pick of 356b98d552e8b6f1936c045cb1a681dfbcd485ee.

Bug: 152976928
Change-Id: If4c0c6c74e60cc84f4adedfd430b385795cd15eb
Merged-In: If4c0c6c74e60cc84f4adedfd430b385795cd15eb
diff --git a/private/domain.te b/private/domain.te
index 3f5bbaa..5304ff0 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -11,7 +11,7 @@
 # necessary SELinux permissions.
 get_prop(domain, heapprofd_prop);
 # Allow heap profiling on debug builds.
-userdebug_or_eng(`can_profile_heap_userdebug_or_eng({
+userdebug_or_eng(`can_profile_heap_central({
   domain
   -bpfloader
   -init
diff --git a/public/te_macros b/public/te_macros
index 5afb791..56f9775 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -663,11 +663,12 @@
 # Allow processes within the domain to have their heap profiled by heapprofd.
 #
 # Note that profiling is performed differently between debug and user builds.
-# This macro covers both user and debug builds, but see
-# can_profile_heap_userdebug_or_eng for a variant that can be used when
-# allowing profiling for a domain only on debug builds, without granting
-# the exec permission. The exec permission is necessary for user builds, but
-# only a nice-to-have for development and testing purposes on debug builds.
+# There are two modes for profiling:
+# * forked
+# * central.
+# On user builds, the default is to allow only forked mode. If it is desired
+# to allow central mode as well for a domain, use can_profile_heap_central.
+# On userdebug, this macro allows both forked and central.
 define(`can_profile_heap', `
   # Allow central daemon to send signal for client initialization.
   allow heapprofd $1:process signal;
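Review bot: The new header comment's sentence "If it is desired to allow central mode as well for a domain, use can_profile_heap_central" can be read as "call can_profile_heap_central instead of can_profile_heap", but the visible body of can_profile_heap_central in the later hunk only carries the central-daemon rules, so a domain that needs both modes on user presumably still needs can_profile_heap as well. I would make that explicit: `# On user builds, the default is to allow only forked mode. To also allow` / `# central mode for a domain on user builds, apply can_profile_heap_central in` / `# addition to can_profile_heap.`. The bullet list is also inconsistently punctuated (`* forked` vs `* central.`); drop the trailing period. The body of can_profile_heap continues outside this hunk, so I cannot confirm which forked-mode rules it carries.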
@@ -683,42 +684,39 @@
   allow heapprofd $1:dir r_dir_perms;
 
   # Profilability on user implies profilability on userdebug and eng.
-  can_profile_heap_userdebug_or_eng($1)
+  userdebug_or_eng(`
+    can_profile_heap_central($1)
+  ')
 ')
 
 ###################################
-# can_profile_heap_userdebug_or_eng(domain)
-# Allow processes within the domain to have their heap profiled by heapprofd on
-# debug builds only.
-#
-# Only necessary when can_profile_heap cannot be applied, see its description
-# for rationale.
-define(`can_profile_heap_userdebug_or_eng', `
-  userdebug_or_eng(`
-    # Allow central daemon to send signal for client initialization.
-    allow heapprofd $1:process signal;
-    # Allow connecting to the daemon.
-    unix_socket_connect($1, heapprofd, heapprofd)
-    # Allow daemon to use the passed fds.
-    allow heapprofd $1:fd use;
-    # Allow to read and write to heapprofd shmem.
-    # The client needs to read the read and write pointers in order to write.
-    allow $1 heapprofd_tmpfs:file { read write getattr map };
-    # Use shared memory received over the unix socket.
-    allow $1 heapprofd:fd use;
+# can_profile_heap_central(domain)
+# Allow processes within the domain to have their heap profiled by central
+# heapprofd.
+define(`can_profile_heap_central', `
+  # Allow central daemon to send signal for client initialization.
+  allow heapprofd $1:process signal;
+  # Allow connecting to the daemon.
+  unix_socket_connect($1, heapprofd, heapprofd)
+  # Allow daemon to use the passed fds.
+  allow heapprofd $1:fd use;
+  # Allow to read and write to heapprofd shmem.
+  # The client needs to read the read and write pointers in order to write.
+  allow $1 heapprofd_tmpfs:file { read write getattr map };
+  # Use shared memory received over the unix socket.
+  allow $1 heapprofd:fd use;
 
-    # To read and write from the received file descriptors.
-    # /proc/[pid]/maps and /proc/[pid]/mem have the same SELinux label as the
-    # process they relate to.
-    # We need to write to /proc/$PID/page_idle to find idle allocations.
-    # The client only opens /proc/self/page_idle with RDWR, everything else
-    # with RDONLY.
-    # heapprofd cannot open /proc/$PID/mem itself, as it does not have
-    # sys_ptrace.
-    allow heapprofd $1:file rw_file_perms;
-    # Allow searching the /proc/[pid] directory for cmdline.
-    allow heapprofd $1:dir r_dir_perms;
-  ')
+  # To read and write from the received file descriptors.
+  # /proc/[pid]/maps and /proc/[pid]/mem have the same SELinux label as the
+  # process they relate to.
+  # We need to write to /proc/$PID/page_idle to find idle allocations.
+  # The client only opens /proc/self/page_idle with RDWR, everything else
+  # with RDONLY.
+  # heapprofd cannot open /proc/$PID/mem itself, as it does not have
+  # sys_ptrace.
+  allow heapprofd $1:file rw_file_perms;
+  # Allow searching the /proc/[pid] directory for cmdline.
+  allow heapprofd $1:dir r_dir_perms;
 ')
 
 ###################################
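Review bot: The header comment for can_profile_heap_central no longer says anything about build type, yet the macro is the one that was previously wrapped in userdebug_or_eng and it still grants heapprofd rw_file_perms and r_dir_perms on the target domain's /proc/[pid] files (the /proc/$PID/mem access described in the comments). Since the gating has moved to the call sites (can_profile_heap wraps it in userdebug_or_eng, and private/domain.te does the same in the first hunk), the header should state that contract so a future caller in a user-visible policy file does not apply it unconditionally by accident. I would add after the description: `# This macro is not gated on build type. Callers that only want central-mode` / `# profiling on debug builds must wrap the call in userdebug_or_eng (see` / `# can_profile_heap and private/domain.te).`. The relocated permission comments and rules appear unchanged apart from indentation, so no further point on the body itself.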