From ec5bcd70b03ccae47375db7b6719950897b3498c Mon Sep 17 00:00:00 2001
From: Andreas Gampe <agampe@google.com>
Date: Tue, 5 Dec 2017 13:51:50 -0800
Subject: [PATCH] Sepolicy: Silence /data/local/tmp access of perfprofd

Until simpleperf stops optimistically trying /data/local/tmp for
tmp storage, silence the denials.

Bug: 70232908
Test: m
Test: manual
Change-Id: Icbc230dbfbfa6493b4e494185c536a10e3b0ae7b
---
 public/perfprofd.te | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/public/perfprofd.te b/public/perfprofd.te
index 578391cfd..6ef600b2b 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -56,4 +56,10 @@ userdebug_or_eng(`
   # needed for simpleperf on some kernels
   allow perfprofd self:global_capability_class_set ipc_lock;
 
+  # simpleperf attempts to put a temp file into /data/local/tmp. Do not allow,
+  # use the fallback cwd code, do not spam the log. But ensure this is correctly
+  # removed at some point. b/70232908.
+  dontaudit perfprofd shell_data_file:dir *;
+  dontaudit perfprofd shell_data_file:file *;
+
 ')
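Review bot: The two `dontaudit` rules use `*`, so every denied permission of perfprofd on `shell_data_file` directories and files is dropped from the audit log, not only the temp-file attempt the comment describes. That also hides denials that would point to unexpected perfprofd activity under /data/local/tmp, so I would list only the permissions seen in the logged denials, for example `dontaudit perfprofd shell_data_file:dir { search write add_name };` and `dontaudit perfprofd shell_data_file:file { create open write };` (the exact sets have to come from the actual avc messages, which are not shown here). The rules sit inside the `userdebug_or_eng` block, which opens outside this hunk, so the effect is limited to debug builds. Starting the comment with `# TODO(b/70232908):` would make the promised removal easier to find later.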
-- 
GitLab