From 92fdd8954f80ef1a269f703b377ff827a43623a2 Mon Sep 17 00:00:00 2001
From: Joel Galenson <jgalenson@google.com>
Date: Tue, 13 Jun 2017 10:08:54 -0700
Subject: [PATCH] Properly give some files the debugfs_tracing context only in debug mode.

One of my previous commits removed this, so I am now restoring it. This commit also contains a bit of cleanup from previous commits by removing some unneeded types. It also fixes traceur by porting ag/2409144 to master.

Bug: 62413700, 62547086
Test: Built, flashed, and booted Marlin. Verified that the files have the correct context. Verified that atrace and traceur work.
Change-Id: I76fa0e9060aff554687d57ab3976c8704a4068f0
---
 private/atrace.te | 4 ++--
 private/genfs_contexts | 35 +++++++++++++++++++++++++++++++++++
 private/shell.te | 2 +-
 public/file.te | 3 +--
 4 files changed, 39 insertions(+), 5 deletions(-)

diff --git a/private/atrace.te b/private/atrace.te
index 8740b63c7..5de9f994b 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -13,8 +13,8 @@ userdebug_or_eng(`
 # Allow atrace to access tracefs.
 allow atrace debugfs_tracing:dir r_dir_perms;
- allow atrace debugfs_tracing:file r_file_perms;
- allow atrace tracing_shell_writable:file rw_file_perms;
+ allow atrace debugfs_tracing:file rw_file_perms;
+ allow atrace debugfs_tracing_debug:file rw_file_perms;
 allow atrace debugfs_trace_marker:file getattr;
 # atrace sets debug.atrace.* properties
diff --git a/private/genfs_contexts b/private/genfs_contexts
index dfd8d9ccd..26a64bd40 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
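Review bot: `allow atrace debugfs_tracing:file rw_file_perms;` widens atrace from read-only to read-write on every file labelled `debugfs_tracing`, where write access used to be confined to the dedicated `tracing_shell_writable` type. How far that reaches depends on which genfscon entries assign `debugfs_tracing`, and those entries are not part of this patch; if the label still covers more than the control files atrace has to toggle, the rule grants more than intended. Consider recording the intent above the rule, e.g. `# rw: atrace toggles the tracing control files labelled debugfs_tracing in genfs_contexts`, so a later relabel of the tracing tree gets reviewed against it. The hunk header points at `userdebug_or_eng(` as the enclosing block, but its opening and closing lines are outside the hunk, so the build-type restriction is inferred rather than visible.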
@@ -72,6 +72,41 @@ genfscon tracefs /instances/wifi u:object_r:debugfs_wifi_tracing:s0
 genfscon debugfs /tracing/trace_marker u:object_r:debugfs_trace_marker:s0
 genfscon tracefs /trace_marker u:object_r:debugfs_trace_marker:s0
+genfscon debugfs /tracing/events/sync/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/workqueue/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/regulator/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/pagecache/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/irq/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/ipi/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_write_begin/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_write_end/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/ext4/ext4_da_write_begin/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/ext4/ext4_da_write_end/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/ext4/ext4_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/ext4/ext4_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/block/block_rq_issue/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/block/block_rq_complete/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/saved_cmdlines_size u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/sync/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/workqueue/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/regulator/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/pagecache/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/irq/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/ipi/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/f2fs/f2fs_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/f2fs/f2fs_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/f2fs/f2fs_write_begin/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/f2fs/f2fs_write_end/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/ext4/ext4_da_write_begin/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/ext4/ext4_da_write_end/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/ext4/ext4_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/ext4/ext4_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/block/block_rq_issue/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/block/block_rq_complete/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /saved_cmdlines_size u:object_r:debugfs_tracing_debug:s0
+
 genfscon inotifyfs / u:object_r:inotify:s0
 genfscon vfat / u:object_r:vfat:s0
 genfscon debugfs / u:object_r:debugfs:s0
diff --git a/private/shell.te b/private/shell.te
index 6e691513d..5299532ac 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -13,7 +13,7 @@ allow shell atrace_exec:file rx_file_perms;
 allow shell config_gz:file r_file_perms;
 userdebug_or_eng(`
- allow shell tracing_shell_writable_debug:file rw_file_perms;
+ allow shell debugfs_tracing_debug:file rw_file_perms;
 ')
 # Run app_process.
diff --git a/public/file.te b/public/file.te
index 56533189c..1f3dfe93f 100644
--- a/public/file.te
+++ b/public/file.te
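Review bot: The 34 new `genfscon` entries in private/genfs_contexts are unconditional, so `debugfs_tracing_debug` is applied on every build type and the "only in debug mode" property rests entirely on each allow rule for that type being wrapped in `userdebug_or_eng`. A comment above the block would make that contract explicit, e.g. `# Labelled on all builds; access to debugfs_tracing_debug is granted only inside userdebug_or_eng blocks.` The debugfs and tracefs lists are hand-maintained mirrors of each other, so an event added to one and not the other would silently fall back to whatever label its parent path gets on that mount. A short note that the two lists must stay in step would help the next editor.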
@@ -67,10 +67,9 @@ type debugfs, fs_type;
 type debugfs_mmc, fs_type, debugfs_type;
 type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
 type debugfs_tracing, fs_type, debugfs_type;
+type debugfs_tracing_debug, fs_type, debugfs_type;
 type debugfs_tracing_instances, fs_type, debugfs_type;
 type debugfs_wifi_tracing, fs_type, debugfs_type;
-type tracing_shell_writable, fs_type, debugfs_type;
-type tracing_shell_writable_debug, fs_type, debugfs_type;
 type pstorefs, fs_type;
 type functionfs, fs_type, mlstrustedobject;
-- 
GitLab
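Review bot: `tracing_shell_writable` and `tracing_shell_writable_debug` are dropped from `public/file.te`, and types declared under public/ are normally what device policy builds against, so any rule outside this tree that still names them would stop compiling. The commit message calls them unneeded, but the patch only shows the references in `private/atrace.te` and `private/shell.te` being updated, so it is worth confirming that nothing else uses them. The new type also arrives without a comment; something like `# Tracing files that only userdebug/eng builds may access.` above `type debugfs_tracing_debug` would tell readers why it exists alongside `debugfs_tracing`.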