commit 986b9af4fa9b7f127bb703ddc83503720610bbc8
author Andreas Gampe <agampe@google.com> Mon Apr 30 12:23:20 2018 -0700
committer Andreas Gampe <agampe@google.com> Thu May 03 10:57:30 2018 -0700
tree 44d5f8dc34ce62bc0bb5b5a427d67205a99a3400
parent c4ec97ab1fb29a74d811fc31f840c8980c079cc3

Sepolicy: Fix system server calling perfprofd

Give all the right permissions to find and send a message to
perfprofd from the system server.

Bug: 73175642
Test: m
Test: manual
Change-Id: I82b63ec097dcd445d9e8169fe0df4398d62ac184

private/perfprofd.te

diff --git a/private/perfprofd.te b/private/perfprofd.te
index 4da5410..2b4d537 100644
--- a/private/perfprofd.te
+++ b/private/perfprofd.te
@@ -4,5 +4,5 @@
 ')
 
 # Only servicemanager, statsd, su and systemserver can communicate.
-neverallow { domain userdebug_or_eng(`-statsd') } perfprofd:binder call;
+neverallow { domain userdebug_or_eng(`-statsd -system_server') } perfprofd:binder call;
 neverallow perfprofd { domain userdebug_or_eng(`-servicemanager -statsd -su -system_server') }:binder call;

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index bdf0f24..c5b83ec 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -180,6 +180,9 @@
 binder_call(system_server, vold)
 binder_call(system_server, wificond)
 binder_call(system_server, wpantund)
+userdebug_or_eng(`
+  binder_call(system_server, perfprofd)
+')
 binder_service(system_server)
 
 # Use HALs
@@ -620,6 +623,9 @@
 allow system_server surfaceflinger_service:service_manager find;
 allow system_server vold_service:service_manager find;
 allow system_server wificond_service:service_manager find;
+userdebug_or_eng(`
+  allow system_server perfprofd_service:service_manager find;
+')
 
 allow system_server keystore:keystore_key {
 	get_state