sepolicy: add rules for traced_probes to capture stderr and kill atrace on timeout
This CL adds rules that allow traced_probes to dup a pipe as the stderr
for atrace and to send SIGKILL to atrace after a timeout.
This fixes b/119656920
Change-Id: Ie66aaba47c11ef7c733b442f35fee042b7c546fb
diff --git a/private/traced_probes.te b/private/traced_probes.te
index e173293..f84d698 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -53,9 +53,8 @@
# their userspace TRACE macros.
domain_auto_trans(traced_probes, atrace_exec, atrace);
-# This is needed for: path="/system/bin/linker64"
-# scontext=u:r:atrace:s0 tcontext=u:r:traced_probes:s0 tclass=fd
-allow atrace traced_probes:fd use;
+# Allow traced_probes to kill atrace on timeout.
+allow traced_probes atrace:process sigkill;
# Allow traced_probes to access /proc files for system stats.
# Note: trace data is NOT exposed to anything other than shell and privileged
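Review bot: Removing `allow atrace traced_probes:fd use;` looks at odds with the description, which says traced_probes now dups a pipe as atrace's stderr. A descriptor inherited across the `domain_auto_trans` into atrace still needs `fd use` on traced_probes, and writing to the pipe normally needs a `fifo_file` permission as well. Neither is visible in this hunk, so presumably they moved to another policy file in the same change; if not, the linker64 denial quoted in the removed comment would return and stderr capture would be denied. If they did move, a pointer here would help the next reader, e.g. `# fd use / fifo_file rules for atrace's stderr pipe are in <policy file>`. The new grant is limited to `sigkill` and not the broader `signal` permission, which keeps it narrow.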