Add atrace HAL 1.0 sepolicy
Bug: 111098596
Test: atrace/systrace
(cherry picked from commit 9ed5cf6e430a864630c2451bf35f18ac7668c12b)
Change-Id: I97772ff21754d03a0aea0d53b39e8da5312a17c0
diff --git a/vendor/file_contexts b/vendor/file_contexts
index c4e6648..44198cc 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -1,6 +1,7 @@
#############################
# Default HALs
#
+/(vendor|system/vendor)/bin/hw/android\.hardware\.atrace@1\.0-service u:object_r:hal_atrace_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.audio@2\.0-service u:object_r:hal_audio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@1\.0-service u:object_r:hal_audiocontrol_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs@1\.0-service u:object_r:hal_evs_default_exec:s0
diff --git a/vendor/hal_atrace_default.te b/vendor/hal_atrace_default.te
new file mode 100644
index 0000000..55c9730
--- /dev/null
+++ b/vendor/hal_atrace_default.te
@@ -0,0 +1,14 @@
+type hal_atrace_default, domain;
+hal_server_domain(hal_atrace_default, hal_atrace)
+
+type hal_atrace_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_atrace_default)
+
+# Allow atrace HAL to access tracefs.
+allow hal_atrace_default debugfs_tracing:dir r_dir_perms;
+allow hal_atrace_default debugfs_tracing:file rw_file_perms;
+
+userdebug_or_eng(`
+ allow hal_atrace_default debugfs_tracing_debug:dir r_dir_perms;
+ allow hal_atrace_default debugfs_tracing_debug:file rw_file_perms;
+')