Add selinux rules for detachable perfetto process.
This appears to be the minimum change required to accommodate Traceur
running the detachable Perfetto process.
Bug: 116754732
Test: Started a perfetto trace using --detach and it started
successfully.
Change-Id: I12881ae343389abdcc74af5f11ecbac99b03ef7c
diff --git a/private/traced.te b/private/traced.te
index 6571938..33c5ac0 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -19,7 +19,9 @@
# directly into that (rather than returning the trace contents over the socket).
allow traced perfetto:fd use;
allow traced shell:fd use;
+allow traced traceur_app:fd use;
allow traced perfetto_traces_data_file:file { read write };
+allow traced trace_data_file:file { read write };
###
### Neverallow rules
@@ -53,6 +55,7 @@
data_file_type
-zoneinfo_data_file
-perfetto_traces_data_file
+ -trace_data_file
}:file ~write;
# Only init is allowed to enter the traced domain via exec()