Sepolicy: Silence /data/local/tmp access of perfprofd

Until simpleperf does not optimistically try /data/local/tmp for
tmp storage, silence the denials.

Bug: 70232908
Test: m
Test: manual
Change-Id: Icbc230dbfbfa6493b4e494185c536a10e3b0ae7b
diff --git a/public/perfprofd.te b/public/perfprofd.te
index 578391c..6ef600b 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -56,4 +56,10 @@
# needed for simpleperf on some kernels
allow perfprofd self:global_capability_class_set ipc_lock;
+ # simpleperf attempts to put a temp file into /data/local/tmp. Do not allow,
+ # use the fallback cwd code, do not spam the log. But ensure this is correctly
+ # removed at some point. b/70232908.
+ dontaudit perfprofd shell_data_file:dir *;
+ dontaudit perfprofd shell_data_file:file *;
+
')
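Review bot: The two dontaudit rules added at the end of this hunk use `*` on both `shell_data_file:dir` and `shell_data_file:file`, which hides every denied operation by perfprofd on that type, not only the temp-file attempt the comment describes. Consider listing just the permissions that appear in the logged denials, so that any other unexpected access by perfprofd to shell data still reaches the audit log. The comment's "ensure this is correctly removed at some point" has nothing enforcing it; a TODO(b/70232908) marker on the rules would make them easier to find and drop once simpleperf stops trying /data/local/tmp.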