sepolicy: rework perfetto producer/profiler rules for "user" builds
This patch:
* allows for heap and perf profiling of all processes on the system
(minus undumpable and otherwise incompatible domains). For apps, the
rest of the platform will still perform checks based on
profileable/debuggable manifest flags. For native processes, the
profilers will check that the process runs as an allowlisted UID.
* allows for all apps (=appdomain) to act as perfetto tracing data
writers (=perfetto_producer) for the ART java heap graph plugin
(perfetto_hprof).
* allows for system_server to act a perfetto_producer for java heap
graphs.
Bug: 247858731
Change-Id: I792ec1812d94b4fa9a8688ed74f2f62f6a7f33a6
diff --git a/private/app.te b/private/app.te
index c8f455b..ff30fe5 100644
--- a/private/app.te
+++ b/private/app.te
@@ -58,8 +58,6 @@
# Allow to ro.camerax.extensions.enabled
get_prop(appdomain, camerax_extensions_prop)
-userdebug_or_eng(`perfetto_producer({ appdomain })')
-
# Prevent apps from causing presubmit failures.
# Apps can cause selinux denials by accessing CE storage
# and/or external storage. In either case, the selinux denial is
@@ -358,6 +356,12 @@
allow appdomain user_profile_data_file:dir w_dir_perms;
allow appdomain user_profile_data_file:file create_file_perms;
+# Allow writing performance tracing data into the perfetto traced daemon.
+# Needed for java heap graph ART plugin (perfetto_hprof).
+# The perfetto profiling daemon will check for the specific application's
+# opt-in/opt-out.
+perfetto_producer(appdomain)
+
# Send heap dumps to system_server via an already open file descriptor
# % adb shell am set-watch-heap com.android.systemui 1048576
# % adb shell dumpsys procstats --start-testing