Don't allow other processes to ptrace simpleperf domain
This prevents using run-as and other processes to ptrace
simpleperf domain.
Also remove simpleperf from untrusted_app_domain.
Bug: 390626125
Test: run CtsSimpleperfTestCases
Change-Id: I72008fa4b2c2e900423e31d6d752f0b773b0c425
diff --git a/private/simpleperf_app_runner.te b/private/simpleperf_app_runner.te
index 184a80a..e4871ac 100644
--- a/private/simpleperf_app_runner.te
+++ b/private/simpleperf_app_runner.te
@@ -4,6 +4,7 @@
# run simpleperf_app_runner in adb shell.
allow simpleperf_app_runner adbd:fd use;
+allow simpleperf_app_runner adbd:unix_stream_socket { read write };
allow simpleperf_app_runner shell:fd use;
allow simpleperf_app_runner devpts:chr_file { read write ioctl };
@@ -29,7 +30,7 @@
# simpleperf_app_runner passes pipe fds.
# simpleperf_app_runner writes app type (debuggable or profileable) to pipe fds.
-allow simpleperf_app_runner shell:fifo_file { read write };
+allow simpleperf_app_runner shell:fifo_file { getattr read write };
# simpleperf_app_runner checks shell data paths.
# simpleperf_app_runner passes shell data fds.