Enable Traceur on user builds.
Test: Standard Traceur workflow works successfully with no
selinux denials on a user build.
Bug: 64762598
Change-Id: I0dfe506d463b63d70c5bda03f8706041ea7ab448
diff --git a/private/domain.te b/private/domain.te
index 46d3189..dff7957 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -60,7 +60,7 @@
userdebug_or_eng(`-perfprofd')
userdebug_or_eng(`-traced_probes')
-shell
- userdebug_or_eng(`-traceur_app')
+ -traceur_app
} debugfs_tracing:file no_rw_file_perms;
# inotifyfs
diff --git a/private/statsd.te b/private/statsd.te
index a51a547..7221cba 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -86,7 +86,7 @@
-statsd
-system_app
-system_server
- userdebug_or_eng(`-traceur_app')
+ -traceur_app
} stats_service:service_manager find;
# Only statsd and the other root services in limited circumstances.
diff --git a/private/traceur_app.te b/private/traceur_app.te
index 539e8bc..e2d55f8 100644
--- a/private/traceur_app.te
+++ b/private/traceur_app.te
@@ -1,10 +1,12 @@
typeattribute traceur_app coredomain;
+app_domain(traceur_app);
+allow traceur_app debugfs_tracing:file rw_file_perms;
+
userdebug_or_eng(`
- app_domain(traceur_app);
- allow traceur_app debugfs_tracing:file rw_file_perms;
allow traceur_app debugfs_tracing_debug:file rw_file_perms;
- allow traceur_app trace_data_file:file create_file_perms;
- allow traceur_app trace_data_file:dir { add_name getattr search write };
- allow traceur_app atrace_exec:file rx_file_perms;
')
+
+allow traceur_app trace_data_file:file create_file_perms;
+allow traceur_app trace_data_file:dir { add_name getattr search write };
+allow traceur_app atrace_exec:file rx_file_perms;