Changes to allow trace redactor to run
Updates to allow profiling module to run new trace_redactor binary.
Allow the trace_redactor binary to read the input trace file and write
the output file.
Bug: 327423523
Test: build/flash and
atest CtsProfilingModuleTests#testRequestSystemTraceSuccess
Change-Id: Id6684d8a9891e9ed42fe115066e41a89a7e8a097
diff --git a/private/system_server.te b/private/system_server.te
index 9b3ddfd..bb84eed 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -586,9 +586,14 @@
# Allow system server to manage perfetto traces for ProfilingService.
allow system_server perfetto_traces_profiling_data_file:dir rw_dir_perms;
-allow system_server perfetto_traces_profiling_data_file:file { rw_file_perms unlink };
+allow system_server perfetto_traces_profiling_data_file:file create_file_perms;
allow system_server perfetto_traces_data_file:dir search;
+# Allow system server to exec the trace redactor cmdline client and kill the process for
+# ProfilingService.
+domain_auto_trans(system_server, trace_redactor_exec, trace_redactor);
+allow system_server trace_redactor:process signal;
+
# Allow system server to kill perfetto processes for ProfilingService.
allow system_server perfetto:process signal;
@@ -1319,7 +1324,8 @@
# Ensure that system_server doesn't perform any domain transitions other than
# transitioning to the crash_dump domain when a crash occurs or fork clatd.
-neverallow system_server { domain -clatd -crash_dump -perfetto }:process transition;
+# add perfetto and trace_redactor which are exec'd from system server for ProfilingService.
+neverallow system_server { domain -clatd -crash_dump -perfetto -trace_redactor }:process transition;
neverallow system_server *:process dyntransition;
# Ensure that system_server doesn't access anything but search in perfetto_traces_data_file:dir.