From 723364f13602cc74d2adf37b5bce66abd10c4172 Mon Sep 17 00:00:00 2001
From: mukesh agrawal <quiche@google.com>
Date: Wed, 22 Feb 2017 18:01:00 -0800
Subject: [PATCH] allow WifiService to use tracing on user builds

Previously, we'd restricted WifiService's use of
the kernel's tracing feature to just userdebug_or_eng
builds.

This restriction was in place because the feature
had not yet been reviewed from a privacy perspective.
Now that the feature has passed privacy review, enable
the feature on all builds.

Note that other safeguards remain in place (on all
builds):
- The set of events to be monitored is configured by
  init, rather than WifiService (part of system_server).
  This privilege separation prevents a compromised
  system_server from tracing additional information.
- The trace events are kept only in RAM, until/unless
  WifiService receives a dump request. (This would happen,
  for example, in the case of adb dumpsys, or generating
  a bugreport.)

Bug: 35679234
Test: manual (see below)

Manual test details:
- flash device
- connect device to a wifi network
$ adb shell dumpsys wifi | grep rdev_connect
  [should see at least one matching line]

Change-Id: I85070054857d75177d0bcdeb9b2c95bfd7e3b6bc
---
 private/system_server.te |  8 +++-----
 public/init.te           | 10 ++++------
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/private/system_server.te b/private/system_server.te
index 5db68504a..f16cd2d5d 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -629,11 +629,9 @@ allow system_server sysfs_leds:file rw_file_perms;
 allow system_server sysfs_leds:dir r_dir_perms;
 ###
 
-userdebug_or_eng(`
-  # Allow WifiService to start, stop, and read wifi-specific trace events.
-  allow system_server debugfs_tracing_instances:dir search;
-  allow system_server debugfs_wifi_tracing:file rw_file_perms;
-')
+# Allow WifiService to start, stop, and read wifi-specific trace events.
+allow system_server debugfs_tracing_instances:dir search;
+allow system_server debugfs_wifi_tracing:file rw_file_perms;
 
 ###
 ### Neverallow rules
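Review bot: With the `userdebug_or_eng` guard removed, `allow system_server debugfs_wifi_tracing:file rw_file_perms;` gives system_server write access on production builds to every file carrying that label, and the patch does not show which paths file_contexts assigns to it. The commit message relies on system_server being unable to change the set of traced events. That holds only if the label covers just the start/stop and read-out files, never the instance's event enable or filter files. I would state this in the comment, e.g. `# debugfs_wifi_tracing must label only the on/off and trace read-out files; event selection stays with init.` The Neverallow section that follows could also pin it with something like `neverallow system_server debugfs_tracing_instances:file { write append };`, assuming the event-selection files keep the label that init writes in public/init.te and no other rule needs that access.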
diff --git a/public/init.te b/public/init.te
index 86f062ab1..e1c67e5ca 100644
--- a/public/init.te
+++ b/public/init.te
@@ -188,12 +188,10 @@ allow init dev_type:lnk_file create;
 # Disable tracing by writing to /sys/kernel/debug/tracing/tracing_on
 allow init tracing_shell_writable:file w_file_perms;
 
-userdebug_or_eng(`
-  # Setup and control wifi event tracing (see wifi-events.rc)
-  allow init debugfs_tracing_instances:dir create_dir_perms;
-  allow init debugfs_tracing_instances:file w_file_perms;
-  allow init debugfs_wifi_tracing:file w_file_perms;
-')
+# Setup and control wifi event tracing (see wifi-events.rc)
+allow init debugfs_tracing_instances:dir create_dir_perms;
+allow init debugfs_tracing_instances:file w_file_perms;
+allow init debugfs_wifi_tracing:file w_file_perms;
 
 # chown/chmod on pseudo files.
 allow init { fs_type -contextmount_type -sdcard_type -rootfs }:file { open read setattr };
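Review bot: The comment above the three init rules still reads like a debug-only convenience, but after this change the event list in wifi-events.rc decides which kernel trace data can reach dumpsys and bugreports on user builds. I would record that here so later edits to the rc file get the same scrutiny, e.g. `# Enabled on all builds: the event set in wifi-events.rc is the privacy-reviewed surface; re-review before adding events.` Also, `debugfs_tracing_instances:dir create_dir_perms` and `debugfs_tracing_instances:file w_file_perms` are not wifi-specific by type name, so they appear to let init create and write any tracing instance, not only the wifi one. If that breadth is intended, it is worth saying so in the comment.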
-- 
GitLab