sepolicy: add perfetto_producer for platform_app and system_app
This addresses the following SELinux failure:
trigger_perfett: type=1400 audit(0.0:331): avc: denied { write }
for name="traced_producer" dev="tmpfs" ino=35064
scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:traced_producer_socket:s0
tclass=sock_file permissive=0 app=com.android.systemui
This is necessary so that, on user builds, system apps like systemui can
trigger Perfetto traces. This is already allowed on userdebug/eng by the
capability in app.te.
In a follow-up, we'll probably remove all the perfetto_producer in the
*_app.te and remove the userdebug_or_eng in app.te.
Bug: 190620348
Change-Id: I715979970cde760efdf4497c7cd2a2039ca86c85
diff --git a/private/system_app.te b/private/system_app.te
index 48d5f9d..10b8177 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -169,6 +169,9 @@
# Settings app reads ro.oem_unlock_supported
get_prop(system_app, oem_unlock_prop)
+# Allow system apps to act as Perfetto producers.
+perfetto_producer(system_app)
+
###
### Neverallow rules
###
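Review bot: the added perfetto_producer(system_app) line covers only the system_app domain, while the denial quoted in the commit message has scontext platform_app (app=com.android.systemui) and the subject names both platform_app and system_app. Confirm that the matching perfetto_producer(platform_app) grant is part of this change, since this hunk alone does not address the quoted denial. The new comment could also state that this grant applies on user builds and overlaps with the userdebug_or_eng grant in app.te until the follow-up cleanup, and reference Bug 190620348, so a later reader knows why both exist and which one is meant to go.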