Merge "Allow traced to create files within /data/misc/perfetto-traces"

commit: 951106b990092743fb178cefb1e97ce1668b2878 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Tue Apr 14 13:34:05 2020 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Apr 14 13:34:05 2020 +0000
tree: b388caaef26c79fa2bcbb6261e5f57f8cdaa7f4c
parent: b60b51d3524cb94c80c225c0d907acbf2519f2d2 [diff]
parent: 386d95b15fee1ad0fb07394a40e89f39de694ee8 [diff]
diff --git a/private/traced.te b/private/traced.te
index 7ecfb7f..2410d7e 100644
--- a/private/traced.te
+++ b/private/traced.te

@@ -24,7 +24,10 @@
 allow traced perfetto:fd use;
 allow traced shell:fd use;
 allow traced shell:fifo_file { read write };
-allow traced perfetto_traces_data_file:file { read write };
+
+# Allow the service to create new files within /data/misc/perfetto-traces.
+allow traced perfetto_traces_data_file:file create_file_perms;
+allow traced perfetto_traces_data_file:dir rw_dir_perms;
 
 # Allow traceur to pass open file descriptors to traced, so traced can directly
 # write into the output file without doing roundtrips over IPC.
@@ -78,6 +81,7 @@
 # passed through the socket.
 neverallow traced {
   data_file_type
+  -perfetto_traces_data_file
   -system_data_file
   -system_data_root_file
   # TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
commit	951106b990092743fb178cefb1e97ce1668b2878	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Tue Apr 14 13:34:05 2020 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Apr 14 13:34:05 2020 +0000
tree	b388caaef26c79fa2bcbb6261e5f57f8cdaa7f4c
parent	b60b51d3524cb94c80c225c0d907acbf2519f2d2 [diff]
parent	386d95b15fee1ad0fb07394a40e89f39de694ee8 [diff]