Merge "Add window trace files SELinux policy rules" am: 97c86514 am: dcd0baf6

am: 51871966 Change-Id: Id7363e8c5e6bc6a41bb74e0536eb80577189107d

Merge "Add window trace files SELinux policy rules" am: 97c86514 am: dcd0baf6
219d62c1 · Vishnu Nair · android-build-merger · 92a4cb2e · 51871966 · 219d62c1
Commit 219d62c1 authored 7 years ago by Vishnu Nair Committed by android-build-merger 7 years ago
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -43,7 +43,8 @@
    wpantund
    wpantund_exec
    wpantund_service
-    wpantund_tmpfs))
+    wpantund_tmpfs
+    wm_trace_data_file))
 ;; private_objects - a collection of types that were labeled differently in
 ;;     older policy, but that should not remain accessible to vendor policy.

--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -18,6 +18,12 @@ allow dumpstate debugfs_trace_marker:file getattr;
 allow dumpstate atrace_exec:file rx_file_perms;
 allow dumpstate storaged_exec:file rx_file_perms;
+# /data/misc/wmtrace for wm traces
+userdebug_or_eng(`
+  allow dumpstate wm_trace_data_file:dir r_dir_perms;
+  allow dumpstate wm_trace_data_file:file r_file_perms;
+')
 # Allow dumpstate to make binder calls to storaged service
 binder_call(dumpstate, storaged)

--- a/private/file.te
+++ b/private/file.te
@@ -3,3 +3,6 @@ type config_gz, fs_type;
 # /data/misc/storaged
 type storaged_data_file, file_type, data_file_type, core_data_file_type;
+# /data/misc/wmtrace for wm traces
+type wm_trace_data_file, file_type, data_file_type, core_data_file_type;
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -388,6 +388,7 @@
 /data/misc/update_engine_log(/.*)?  u:object_r:update_engine_log_data_file:s0
 /data/system/heapdump(/.*)?     u:object_r:heapdump_data_file:s0
 /data/misc/trace(/.*)?          u:object_r:method_trace_data_file:s0
+/data/misc/wmtrace(/.*)?        u:object_r:wm_trace_data_file:s0
 # TODO(calin) label profile reference differently so that only
 # profman run as a special user can write to them
 /data/misc/profiles/cur(/.*)?       u:object_r:user_profile_data_file:s0

--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -52,6 +52,12 @@ set_prop(surfaceflinger, ctl_bootanim_prop)
 allow surfaceflinger appdomain:fd use;
 allow surfaceflinger app_data_file:file { read write };
+# Allow writing surface traces to /data/misc/wmtrace.
+userdebug_or_eng(`
+  allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
+  allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
+')
 # Use socket supplied by adbd, for cmd gpu vkjson etc.
 allow surfaceflinger adbd:unix_stream_socket { read write getattr };

--- a/private/system_server.te
+++ b/private/system_server.te
@@ -643,6 +643,10 @@ userdebug_or_eng(`
  # Allow system server to read dmesg
  allow system_server kernel:system syslog_read;
+  # Allow writing window traces in /data/misc/wmtrace.
+  allow system_server wm_trace_data_file:dir rw_dir_perms;
+  allow system_server wm_trace_data_file:file { getattr setattr create w_file_perms };
 ')
 # For AppFuse.