Selinux: Fix perfprofd policy

Update for debugfs labeling changes. Update for simpleperf behavior with stack traces (temp file). Bug: 73175642 Test: m Test: manual - run profiling, look for logs Change-Id: Ie000a00ef56cc603f498d48d89001f566c03b661

Selinux: Fix perfprofd policy
c8fe29ff · Andreas Gampe · a6d9d6b6 · c8fe29ff
Commit c8fe29ff authored 6 years ago by Andreas Gampe
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -82,10 +82,12 @@ userdebug_or_eng(`

  # simpleperf examines debugfs on startup to collect tracepoint event types
  r_dir_file(perfprofd, debugfs_tracing)
-  allow perfprofd debugfs_tracing_debug:file r_file_perms;
+  r_dir_file(perfprofd, debugfs_tracing_debug)

  # simpleperf is going to execute "sleep"
  allow perfprofd toolbox_exec:file rx_file_perms;
+  # simpleperf is going to execute "mv" on a temp file
+  allow perfprofd shell_exec:file rx_file_perms;

  # needed for simpleperf on some kernels
  allow perfprofd self:global_capability_class_set ipc_lock;