Sepolicy for mm events trace instance
Allow traced_probes read/write access to configure the
mm_events trace instance and poll trace_pipe_raw.
Bug: 155928119
Test: No denials in logcat
Change-Id: Ib65ab2e7be8daa6b8c412ffea909072583db7002
diff --git a/private/traced_probes.te b/private/traced_probes.te
index 9da4d94..78b8843 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -16,6 +16,11 @@
allow traced_probes debugfs_trace_marker:file getattr;
allow traced_probes debugfs_tracing_printk_formats:file r_file_perms;
+# Allow traced_probes to access mm_events trace instance
+allow traced_probes debugfs_tracing_instances:dir search;
+allow traced_probes debugfs_mm_events_tracing:dir search;
+allow traced_probes debugfs_mm_events_tracing:file rw_file_perms;
+
# TODO(primiano): temporarily I/O tracing categories are still
# userdebug only until we nail down the denylist/allowlist.
userdebug_or_eng(`
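Review bot: The three new allow rules are added above the `userdebug_or_eng(` block, whose body lies outside this hunk, so they take effect on user builds as well. `rw_file_perms` is also granted on every file that carries the `debugfs_mm_events_tracing` label, while the commit message only names configuring the instance and polling `trace_pipe_raw`. The type declaration and its genfs labelling are not in this diff, so it would help to confirm that the label covers only the mm_events instance and that write is needed on user builds. If both are intended, the comment should say so, for example `# traced_probes writes the mm_events instance control files and reads trace_pipe_raw; needed on user builds too.` Otherwise the rules could move into the userdebug-only block, or the file rule could be narrowed to `r_file_perms` plus write on the control files only.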
@@ -134,3 +139,4 @@
# Only init is allowed to enter the traced_probes domain via exec()
neverallow { domain -init } traced_probes:process transition;
neverallow * traced_probes:process dyntransition;
+