Max Bires | 4ea5569 | 2017-12-11 16:19:23 -0800 | [diff] [blame] | 1 | typeattribute traceur_app coredomain; |
| 2 | |
Jeff Vander Stoep | de04528 | 2018-01-09 12:24:47 -0800 | [diff] [blame] | 3 | app_domain(traceur_app); |
| 4 | allow traceur_app debugfs_tracing:file rw_file_perms; |
Carmen Jackson | 2c8ca45 | 2018-01-30 18:14:45 -0800 | [diff] [blame] | 5 | allow traceur_app debugfs_tracing_debug:dir r_dir_perms; |
Jeff Vander Stoep | de04528 | 2018-01-09 12:24:47 -0800 | [diff] [blame] | 6 | |
Max Bires | 4ea5569 | 2017-12-11 16:19:23 -0800 | [diff] [blame] | 7 | userdebug_or_eng(` |
Max Bires | 35c3638 | 2018-01-15 16:44:04 -0800 | [diff] [blame] | 8 | allow traceur_app debugfs_tracing_debug:file rw_file_perms; |
Max Bires | 4ea5569 | 2017-12-11 16:19:23 -0800 | [diff] [blame] | 9 | ') |
Jeff Vander Stoep | de04528 | 2018-01-09 12:24:47 -0800 | [diff] [blame] | 10 | |
| 11 | allow traceur_app trace_data_file:file create_file_perms; |
Carmen Jackson | fa0bf19 | 2018-02-20 14:47:08 -0800 | [diff] [blame] | 12 | allow traceur_app trace_data_file:dir rw_dir_perms; |
Kean Mariotti | 7cce6f5 | 2023-08-14 09:46:18 +0000 | [diff] [blame] | 13 | allow traceur_app wm_trace_data_file:dir rw_dir_perms; |
| 14 | allow traceur_app wm_trace_data_file:file { getattr r_file_perms unlink }; |
Jeff Vander Stoep | de04528 | 2018-01-09 12:24:47 -0800 | [diff] [blame] | 15 | allow traceur_app atrace_exec:file rx_file_perms; |
Carmen Jackson | 2c8ca45 | 2018-01-30 18:14:45 -0800 | [diff] [blame] | 16 | |
Carmen Jackson | 76d7046 | 2018-10-19 17:01:24 -0700 | [diff] [blame] | 17 | # To exec the perfetto cmdline client and pass it the trace config on |
| 18 | # stdint through a pipe. |
| 19 | allow traceur_app perfetto_exec:file rx_file_perms; |
| 20 | |
| 21 | # Allow to access traced's privileged consumer socket. |
| 22 | unix_socket_connect(traceur_app, traced_consumer, traced) |
| 23 | |
Carmen Jackson | 2c8ca45 | 2018-01-30 18:14:45 -0800 | [diff] [blame] | 24 | dontaudit traceur_app debugfs_tracing_debug:file audit_access; |
Inseob Kim | 55e5c9b | 2020-03-04 17:20:35 +0900 | [diff] [blame] | 25 | |
Inseob Kim | 55e5c9b | 2020-03-04 17:20:35 +0900 | [diff] [blame] | 26 | set_prop(traceur_app, debug_prop) |
Inseob Kim | 75806ef | 2024-03-27 17:18:41 +0900 | [diff] [blame] | 27 | |
| 28 | allow traceur_app servicemanager:service_manager list; |
| 29 | allow traceur_app hwservicemanager:hwservice_manager list; |
| 30 | |
| 31 | allow traceur_app { |
| 32 | service_manager_type |
| 33 | -apex_service |
| 34 | -dnsresolver_service |
| 35 | -gatekeeper_service |
| 36 | -incident_service |
| 37 | -installd_service |
| 38 | -lpdump_service |
| 39 | -mdns_service |
| 40 | -netd_service |
| 41 | -virtual_touchpad_service |
| 42 | -vold_service |
| 43 | -default_android_service |
| 44 | }:service_manager find; |
| 45 | |
| 46 | # Allow traceur_app to use atrace HAL |
| 47 | hal_client_domain(traceur_app, hal_atrace) |
| 48 | |
| 49 | dontaudit traceur_app service_manager_type:service_manager find; |
| 50 | dontaudit traceur_app hwservice_manager_type:hwservice_manager find; |
| 51 | dontaudit traceur_app domain:binder call; |