Add SElinux rules for /data/misc/trace
The directory is to be used in eng/userdebug builds to store method
traces (previously stored in /data/dalvik-cache/profiles).
Bug: 25612377
Change-Id: Ia4365a8d1f13d33ee54115dc5e3bf62786503993
diff --git a/app.te b/app.te
index c8009dc..9a00b11 100644
--- a/app.te
+++ b/app.te
@@ -25,9 +25,13 @@
# Notify zygote of death;
allow appdomain zygote:process sigchld;
-# Notify zygote of the wrapped process PID when using --invoke-with.
userdebug_or_eng(`
+ # Notify zygote of the wrapped process PID when using --invoke-with.
allow appdomain zygote:fifo_file write;
+
+ # Allow apps to create and write method traces in /data/misc/trace.
+ allow appdomain method_trace_data_file:dir w_dir_perms;
+ allow appdomain method_trace_data_file:file { create w_file_perms };
')
# Notify shell and adbd of death when spawned via runas for ndk-gdb.
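Review bot: The two new rules in the `userdebug_or_eng` block grant write access to every domain in `appdomain`, which as far as I know also covers `isolated_app`. If isolated processes do not need method tracing, narrow the source set, e.g. `allow { appdomain -isolated_app } method_trace_data_file:dir ...`. `w_dir_perms` also carries `remove_name`, which creating a trace does not require; `allow appdomain method_trace_data_file:dir { search write add_name };` would be the tighter grant, and the same applies to the matching rules in system_server.te and zygote.te. Because all apps share one type, SELinux does not separate one app's trace files from another's, so a comment here should state that isolation relies on file ownership and mode.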
diff --git a/file.te b/file.te
index 383c3c5..d7b73ed 100644
--- a/file.te
+++ b/file.te
@@ -126,6 +126,8 @@
type zoneinfo_data_file, file_type, data_file_type;
type vold_data_file, file_type, data_file_type;
type perfprofd_data_file, file_type, data_file_type, mlstrustedobject;
+# /data/misc/trace for method traces on userdebug / eng builds
+type method_trace_data_file, file_type, data_file_type, mlstrustedobject;
# Compatibility with type names used in vanilla Android 4.3 and 4.4.
typealias audio_data_file alias audio_firmware_file;
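Review bot: The new type carries `mlstrustedobject`, which exempts it from the MLS constraints, and the added comment does not say why this is needed. If it is only there so that app domains running at different levels or categories can write into the shared directory, say so, e.g. `# mlstrustedobject: written by app domains at any MLS level; userdebug/eng only`. Note also that the type and its file_contexts entry exist on user builds as well; only the allow rules are wrapped in `userdebug_or_eng`.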
diff --git a/file_contexts b/file_contexts
index 107c73c..ffa2518 100644
--- a/file_contexts
+++ b/file_contexts
@@ -278,6 +278,7 @@
/data/misc/perfprofd(/.*)? u:object_r:perfprofd_data_file:s0
/data/misc/update_engine(/.*)? u:object_r:update_engine_data_file:s0
/data/system/heapdump(/.*)? u:object_r:heapdump_data_file:s0
+/data/misc/trace(/.*)? u:object_r:method_trace_data_file:s0
# Fingerprint data
/data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
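Review bot: The new `/data/misc/trace(/.*)?` entry is placed after `/data/system/heapdump` rather than next to the other `/data/misc/...` entries such as `/data/misc/perfprofd`, which makes it harder to find; moving it up one or two lines would keep the block grouped. Nothing in this diff creates the directory or sets its owner and mode, so it is presumably created elsewhere. Since the policy lets every app domain add files to it, the change that creates it should use a mode that stops apps from listing or opening each other's traces.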
diff --git a/system_server.te b/system_server.te
index 8ab6755..13e3ccf 100644
--- a/system_server.te
+++ b/system_server.te
@@ -423,6 +423,12 @@
# Allow system process to relabel the fingerprint directory after mkdir
allow system_server fingerprintd_data_file:dir {r_dir_perms relabelto};
+userdebug_or_eng(`
+ # Allow system server to create and write method traces in /data/misc/trace.
+ allow system_server method_trace_data_file:dir w_dir_perms;
+ allow system_server method_trace_data_file:file { create w_file_perms };
+')
+
###
### Neverallow rules
###
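Review bot: The comment in the new `userdebug_or_eng` block restates the rules and does not say which code path in system_server writes to `/data/misc/trace`; the zygote.te hunk has the same gap. Both are privileged processes writing into a directory to which, per the app.te hunk, every app domain can add names, so a file name they intend to use may already exist and be owned by an app. The policy grants no `lnk_file` permissions on this type, which limits redirection, but the writers should still create their trace files exclusively instead of opening an existing path. I would add a line such as `# Traces are created with O_EXCL; the directory is shared with appdomain.` once that has been confirmed in the writer code.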
diff --git a/zygote.te b/zygote.te
index d7a8a99..882ed80 100644
--- a/zygote.te
+++ b/zygote.te
@@ -68,6 +68,12 @@
# Handle --invoke-with command when launching Zygote with a wrapper command.
allow zygote zygote_exec:file rx_file_perms;
+userdebug_or_eng(`
+ # Allow zygote to create and write method traces in /data/misc/trace.
+ allow zygote method_trace_data_file:dir w_dir_perms;
+ allow zygote method_trace_data_file:file { create w_file_perms };
+')
+
###
### neverallow rules
###