From 6f2040f873119e2488f2419040baeae2f9cb61ba Mon Sep 17 00:00:00 2001
From: Hector Dearman <hjd@google.com>
Date: Mon, 19 Mar 2018 14:18:48 +0000
Subject: [PATCH] Allow system server to set persist.traced.enable

To enable/disable the traced and traced_probes deamons remotely we would
like system server to be able to set persist.traced.enable.
See also ag/3736001.

Denial:
selinux: avc: denied { set } for
property=persist.traced.enable
pid=1606 uid=1000 gid=1000
scontext=u:r:system_server:s0
tcontext=u:object_r:default_prop:s0 tclass=property_service
permissive=0\x0a

Run:
$ adb shell 'ps -A | grep traced'
Should see traced.
$ adb shell 'settings put global sys_traced 0'
$ adb shell 'ps -A | grep traced'
Should no longer see traced.

Test: See above.
Change-Id: I245b7df3853cabeb0e75db41fb4facaa178ab8f1
---
 private/compat/26.0/26.0.ignore.cil | 1 +
 private/compat/27.0/27.0.ignore.cil | 1 +
 private/property_contexts           | 1 +
 private/system_server.te            | 1 +
 public/property.te                  | 1 +
 5 files changed, 5 insertions(+)

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 5f126fe58..6c7b31ad9 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -105,6 +105,7 @@
     traced_probes_exec
     traced_probes_tmpfs
     traced_producer_socket
+    traced_prop
     traced_tmpfs
     update_engine_log_data_file
     vendor_default_prop
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index f7f429256..8ec640919 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -78,6 +78,7 @@
     traced_probes_exec
     traced_probes_tmpfs
     traced_producer_socket
+    traced_prop
     traced_tmpfs
     traceur_app
     traceur_app_tmpfs
diff --git a/private/property_contexts b/private/property_contexts
index ecde9d3ea..f3b05f95d 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -59,6 +59,7 @@ persist.sys.audit_safemode      u:object_r:safemode_prop:s0
 persist.service.        u:object_r:system_prop:s0
 persist.service.bdroid. u:object_r:bluetooth_prop:s0
 persist.security.       u:object_r:system_prop:s0
+persist.traced.         u:object_r:traced_prop:s0
 persist.vendor.overlay.  u:object_r:overlay_prop:s0
 ro.boot.vendor.overlay.  u:object_r:overlay_prop:s0
 ro.boottime.             u:object_r:boottime_prop:s0
diff --git a/private/system_server.te b/private/system_server.te
index d1571d692..d1cb3e9ee 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -497,6 +497,7 @@ set_prop(system_server, overlay_prop)
 set_prop(system_server, exported_overlay_prop)
 set_prop(system_server, pm_prop)
 set_prop(system_server, exported_pm_prop)
+set_prop(system_server, traced_prop)
 userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
 
 # ctl interface
diff --git a/public/property.te b/public/property.te
index a099e87b6..77ee4f09a 100644
--- a/public/property.te
+++ b/public/property.te
@@ -50,6 +50,7 @@ type shell_prop, property_type, core_property_type;
 type system_boot_reason_prop, property_type;
 type system_prop, property_type, core_property_type;
 type system_radio_prop, property_type, core_property_type;
+type traced_prop, property_type;
 type vold_prop, property_type, core_property_type;
 type wifi_log_prop, property_type, log_property_type;
 type wifi_prop, property_type;
-- 
GitLab