Merge "Add window trace files SELinux policy rules"

97c86514 · Treehugger Robot · Gerrit Code Review · 499fd010 · 2d6942d3 · 97c86514
Commit 97c86514 authored 7 years ago by Treehugger Robot Committed by Gerrit Code Review 7 years ago
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -42,7 +42,8 @@
    wpantund
    wpantund_exec
    wpantund_service
-    wpantund_tmpfs))
+    wpantund_tmpfs
+    wm_trace_data_file))

 ;; private_objects - a collection of types that were labeled differently in
 ;;     older policy, but that should not remain accessible to vendor policy.

--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -18,6 +18,12 @@ allow dumpstate debugfs_trace_marker:file getattr;
 allow dumpstate atrace_exec:file rx_file_perms;
 allow dumpstate storaged_exec:file rx_file_perms;

+# /data/misc/wmtrace for wm traces
+userdebug_or_eng(`
+  allow dumpstate wm_trace_data_file:dir r_dir_perms;
+  allow dumpstate wm_trace_data_file:file r_file_perms;
+')
+
 # Allow dumpstate to make binder calls to storaged service
 binder_call(dumpstate, storaged)


--- a/private/file.te
+++ b/private/file.te
@@ -3,3 +3,6 @@ type config_gz, fs_type;

 # /data/misc/storaged
 type storaged_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/misc/wmtrace for wm traces
+type wm_trace_data_file, file_type, data_file_type, core_data_file_type;
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -390,6 +390,7 @@
 /data/misc/update_engine_log(/.*)?  u:object_r:update_engine_log_data_file:s0
 /data/system/heapdump(/.*)?     u:object_r:heapdump_data_file:s0
 /data/misc/trace(/.*)?          u:object_r:method_trace_data_file:s0
+/data/misc/wmtrace(/.*)?        u:object_r:wm_trace_data_file:s0
 # TODO(calin) label profile reference differently so that only
 # profman run as a special user can write to them
 /data/misc/profiles/cur(/.*)?       u:object_r:user_profile_data_file:s0

--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -52,6 +52,12 @@ set_prop(surfaceflinger, ctl_bootanim_prop)
 allow surfaceflinger appdomain:fd use;
 allow surfaceflinger app_data_file:file { read write };

+# Allow writing surface traces to /data/misc/wmtrace.
+userdebug_or_eng(`
+  allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
+  allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
+')
+
 # Use socket supplied by adbd, for cmd gpu vkjson etc.
 allow surfaceflinger adbd:unix_stream_socket { read write getattr };


--- a/private/system_server.te
+++ b/private/system_server.te
@@ -641,6 +641,10 @@ userdebug_or_eng(`

  # Allow system server to read dmesg
  allow system_server kernel:system syslog_read;
+
+  # Allow writing window traces in /data/misc/wmtrace.
+  allow system_server wm_trace_data_file:dir rw_dir_perms;
+  allow system_server wm_trace_data_file:file { getattr setattr create w_file_perms };
 ')

 # For AppFuse.