Allow heap profiling everything except TCB on userdebug.
Bug: 117762471
Test: m
Test: flash sailfish
Test: profile all running processes with setenforce 1
Change-Id: I71d41d06d2a62190e33b7e3e425a1f7b8039196e
diff --git a/public/domain.te b/public/domain.te
index 09eb3e6..67002c9 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -776,6 +776,7 @@
userdebug_or_eng(`-su') # communications with su are permitted only on userdebug or eng builds
-init
-tombstoned # TODO(b/36604251): Remove tombstoned from this list once mediacodec (OMX HAL) no longer declares Binder services
+ userdebug_or_eng('-heapprofd`)
});
')
diff --git a/public/hal_configstore.te b/public/hal_configstore.te
index 2931cb5..8fe6bbe 100644
--- a/public/hal_configstore.te
+++ b/public/hal_configstore.te
@@ -33,6 +33,7 @@
-logd
userdebug_or_eng(`-su')
-tombstoned
+ userdebug_or_eng(`-heapprofd')
}:{ unix_dgram_socket unix_stream_socket } *;
# Should never need access to anything on /data