sepolicy: add rules for traced_probes to capture stderr and kill atrace on timeout This CL adds rules to allow traced_probes to dup a pipe as the stderr for atrace and also send a sigkill to atrace after a timeout. This fixes b/119656920 Change-Id: Ie66aaba47c11ef7c733b442f35fee042b7c546fb

commit: d6ae1a5e42a5cd633234cd7de04fef6b4635376a [log] [tgz]
author: Lalit Maganti <lalitm@google.com> Fri Nov 16 12:17:24 2018 +0000
committer: Lalit Maganti <lalitm@google.com> Fri Nov 16 14:47:19 2018 +0000
tree: 6d0a305fb126fc0e1fca3b6e1c4fa90ad5a41b8c
parent: e00ca14cbbf3256f36d145bf219879833ddccf9b [diff] [blame]
diff --git a/private/atrace.te b/private/atrace.te
index a60370d..9cbe71a 100644
--- a/private/atrace.te
+++ b/private/atrace.te

@@ -13,6 +13,11 @@
 allow atrace debugfs_tracing:file rw_file_perms;
 allow atrace debugfs_trace_marker:file getattr;
 
+# Allow atrace to write data when a pipe is used for stdout/stderr
+# This is used by Perfetto to capture the output on error in atrace.
+allow atrace traced_probes:fd use;
+allow atrace traced_probes:fifo_file write;
+
 # atrace sets debug.atrace.* properties
 set_prop(atrace, debug_prop)
commit	d6ae1a5e42a5cd633234cd7de04fef6b4635376a	[log] [tgz]
author	Lalit Maganti <lalitm@google.com>	Fri Nov 16 12:17:24 2018 +0000
committer	Lalit Maganti <lalitm@google.com>	Fri Nov 16 14:47:19 2018 +0000
tree	6d0a305fb126fc0e1fca3b6e1c4fa90ad5a41b8c
parent	e00ca14cbbf3256f36d145bf219879833ddccf9b [diff] [blame]