Add SElinux rules for /data/misc/trace

am: f255d775 * commit 'f255d775': Add SElinux rules for /data/misc/trace

Add SElinux rules for /data/misc/trace
1ca5efe9 · Calin Juravle · android-build-merger · c97f86eb · f255d775 · 1ca5efe9
Commit 1ca5efe9 authored 9 years ago by Calin Juravle Committed by android-build-merger 9 years ago
--- a/app.te
+++ b/app.te
@@ -25,9 +25,13 @@ allow appdomain zygote_tmpfs:file read;
 # Notify zygote of death;
 allow appdomain zygote:process sigchld;

-# Notify zygote of the wrapped process PID when using --invoke-with.
 userdebug_or_eng(`
+  # Notify zygote of the wrapped process PID when using --invoke-with.
  allow appdomain zygote:fifo_file write;
+
+  # Allow apps to create and write method traces in /data/misc/trace.
+  allow appdomain method_trace_data_file:dir w_dir_perms;
+  allow appdomain method_trace_data_file:file { create w_file_perms };
 ')

 # Notify shell and adbd of death when spawned via runas for ndk-gdb.

--- a/file.te
+++ b/file.te
@@ -126,6 +126,8 @@ type wifi_data_file, file_type, data_file_type;
 type zoneinfo_data_file, file_type, data_file_type;
 type vold_data_file, file_type, data_file_type;
 type perfprofd_data_file, file_type, data_file_type, mlstrustedobject;
+# /data/misc/trace for method traces on userdebug / eng builds
+type method_trace_data_file, file_type, data_file_type, mlstrustedobject;

 # Compatibility with type names used in vanilla Android 4.3 and 4.4.
 typealias audio_data_file alias audio_firmware_file;

--- a/file_contexts
+++ b/file_contexts
@@ -278,6 +278,7 @@
 /data/misc/perfprofd(/.*)?      u:object_r:perfprofd_data_file:s0
 /data/misc/update_engine(/.*)?  u:object_r:update_engine_data_file:s0
 /data/system/heapdump(/.*)?     u:object_r:heapdump_data_file:s0
+/data/misc/trace(/.*)?          u:object_r:method_trace_data_file:s0

 # Fingerprint data
 /data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0

--- a/system_server.te
+++ b/system_server.te
@@ -423,6 +423,12 @@ allow system_server mnt_expand_file:dir r_dir_perms;
 # Allow system process to relabel the fingerprint directory after mkdir
 allow system_server fingerprintd_data_file:dir {r_dir_perms relabelto};

+userdebug_or_eng(`
+  # Allow system server to create and write method traces in /data/misc/trace.
+  allow system_server method_trace_data_file:dir w_dir_perms;
+  allow system_server method_trace_data_file:file { create w_file_perms };
+')
+
 ###
 ### Neverallow rules
 ###

--- a/zygote.te
+++ b/zygote.te
@@ -68,6 +68,12 @@ allow zygote storage_file:dir { search mounton };
 # Handle --invoke-with command when launching Zygote with a wrapper command.
 allow zygote zygote_exec:file rx_file_perms;

+userdebug_or_eng(`
+  # Allow zygote to create and write method traces in /data/misc/trace.
+  allow zygote method_trace_data_file:dir w_dir_perms;
+  allow zygote method_trace_data_file:file { create w_file_perms };
+')
+
 ###
 ### neverallow rules
 ###