Ensure that only desired processes can access TracingServiceProxy This change adds a neverallow rule in traced.te to limit the processes that can find tracingproxy_service, the context for TracingServiceProxy. I wanted to avoid moving the tracingproxy_service definition to public, so there were a few services that are exempted from this neverallow rule. Bug: 191391382 Test: Manually verified that with this change, along with the other change in this topic, I see no errors when taking a bugreport while a Traceur trace is running. Change-Id: I8658df0db92ae9cf4fefe2eebb4d6d9a5349ea89

commit: a60d7f28f2e6f482500bbe7e3b6863e44d663dd0 [log] [tgz]
author: Carmen Jackson <carmenjackson@google.com> Wed Jun 23 16:53:45 2021 -0700
committer: Carmen Jackson <carmenjackson@google.com> Thu Jun 24 08:24:20 2021 +0000
tree: c8d4a22a136cad83c9db73409fc307a5e3fd658d
parent: 635853a710b624fa99a257d371618741e4b96799 [diff] [blame]
diff --git a/private/system_app.te b/private/system_app.te
index 10b8177..239686e 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -90,6 +90,7 @@
   -netd_service
   -system_suspend_control_internal_service
   -system_suspend_control_service
+  -tracingproxy_service
   -virtual_touchpad_service
   -vold_service
   -vr_hwc_service
commit	a60d7f28f2e6f482500bbe7e3b6863e44d663dd0	[log] [tgz]
author	Carmen Jackson <carmenjackson@google.com>	Wed Jun 23 16:53:45 2021 -0700
committer	Carmen Jackson <carmenjackson@google.com>	Thu Jun 24 08:24:20 2021 +0000
tree	c8d4a22a136cad83c9db73409fc307a5e3fd658d
parent	635853a710b624fa99a257d371618741e4b96799 [diff] [blame]