From f255d775fceb18df08011f61560815cd1bfe47fd Mon Sep 17 00:00:00 2001
From: Calin Juravle <calin@google.com>
Date: Tue, 10 Nov 2015 18:49:57 +0000
Subject: [PATCH] Add SElinux rules for /data/misc/trace

The directory is to be used in eng/userdebug builds to store method
traces (previously stored in /data/dalvik-cache/profiles).

Bug: 25612377

Change-Id: Ia4365a8d1f13d33ee54115dc5e3bf62786503993
---
 app.te           | 6 +++++-
 file.te          | 2 ++
 file_contexts    | 1 +
 system_server.te | 6 ++++++
 zygote.te        | 6 ++++++
 5 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/app.te b/app.te
index c8009dc52..9a00b11b7 100644
--- a/app.te
+++ b/app.te
@@ -25,9 +25,13 @@ allow appdomain zygote_tmpfs:file read;
 # Notify zygote of death;
 allow appdomain zygote:process sigchld;
 
-# Notify zygote of the wrapped process PID when using --invoke-with.
 userdebug_or_eng(`
+  # Notify zygote of the wrapped process PID when using --invoke-with.
   allow appdomain zygote:fifo_file write;
+
+  # Allow apps to create and write method traces in /data/misc/trace.
+  allow appdomain method_trace_data_file:dir w_dir_perms;
+  allow appdomain method_trace_data_file:file { create w_file_perms };
 ')
 
 # Notify shell and adbd of death when spawned via runas for ndk-gdb.
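Review bot: The two new rules in the `userdebug_or_eng` block grant directory and file write access on `method_trace_data_file` to every domain in `appdomain`, which as far as I can tell includes `untrusted_app` and `isolated_app`, not only the processes being profiled. The type is declared `mlstrustedobject` in file.te, and the zygote.te and system_server.te hunks let those domains write to the same directory. That leaves the DAC ownership and mode of /data/misc/trace, which this patch does not set, as the only thing stopping one app from writing into another process's trace file. I would either narrow the subject to the domains that actually need tracing or state the dependency in the comment, e.g. `# Separation between writers relies on DAC on /data/misc/trace; SELinux does not isolate apps from each other here.` The rules are compiled out of user builds, so this concerns debug images only.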
diff --git a/file.te b/file.te
index 383c3c5a9..d7b73ed12 100644
--- a/file.te
+++ b/file.te
@@ -126,6 +126,8 @@ type wifi_data_file, file_type, data_file_type;
 type zoneinfo_data_file, file_type, data_file_type;
 type vold_data_file, file_type, data_file_type;
 type perfprofd_data_file, file_type, data_file_type, mlstrustedobject;
+# /data/misc/trace for method traces on userdebug / eng builds
+type method_trace_data_file, file_type, data_file_type, mlstrustedobject;
 
 # Compatibility with type names used in vanilla Android 4.3 and 4.4.
 typealias audio_data_file alias audio_firmware_file;
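Review bot: The new type carries `mlstrustedobject`, but the comment above it does not say why, and that attribute is what exempts the directory from MLS category checks. Presumably it is needed because apps running at different MLS levels must all write into one shared directory; if so, say it, for example `# mlstrustedobject: written by apps at any MLS level; this change grants no read access.` The type and its file_contexts entry are also defined on user builds, where no allow rule in this patch references them. That is harmless but worth a word in the same comment.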
diff --git a/file_contexts b/file_contexts
index 107c73c2d..ffa251898 100644
--- a/file_contexts
+++ b/file_contexts
@@ -278,6 +278,7 @@
 /data/misc/perfprofd(/.*)?      u:object_r:perfprofd_data_file:s0
 /data/misc/update_engine(/.*)?  u:object_r:update_engine_data_file:s0
 /data/system/heapdump(/.*)?     u:object_r:heapdump_data_file:s0
+/data/misc/trace(/.*)?          u:object_r:method_trace_data_file:s0
 
 # Fingerprint data
 /data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0
diff --git a/system_server.te b/system_server.te
index 8ab675505..13e3ccf28 100644
--- a/system_server.te
+++ b/system_server.te
@@ -423,6 +423,12 @@ allow system_server mnt_expand_file:dir r_dir_perms;
 # Allow system process to relabel the fingerprint directory after mkdir
 allow system_server fingerprintd_data_file:dir {r_dir_perms relabelto};
 
+userdebug_or_eng(`
+  # Allow system server to create and write method traces in /data/misc/trace.
+  allow system_server method_trace_data_file:dir w_dir_perms;
+  allow system_server method_trace_data_file:file { create w_file_perms };
+')
+
 ###
 ### Neverallow rules
 ###
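Review bot: This block grants only `create` and `w_file_perms` on the file class, as do the app.te and zygote.te hunks, so nothing in this patch lets a confined domain read, stat or unlink a trace once it is written. If traces are meant to be pulled and cleaned up through root adb on debug builds, a comment such as `# Traces are retrieved and removed via adb root; no domain needs read or unlink.` would record that. If system_server is expected to prune old traces, it will need `unlink` (and probably `getattr`) on `method_trace_data_file:file`. Left as is, the directory may keep growing on long-running userdebug devices.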
diff --git a/zygote.te b/zygote.te
index d7a8a997a..882ed802b 100644
--- a/zygote.te
+++ b/zygote.te
@@ -68,6 +68,12 @@ allow zygote storage_file:dir { search mounton };
 # Handle --invoke-with command when launching Zygote with a wrapper command.
 allow zygote zygote_exec:file rx_file_perms;
 
+userdebug_or_eng(`
+  # Allow zygote to create and write method traces in /data/misc/trace.
+  allow zygote method_trace_data_file:dir w_dir_perms;
+  allow zygote method_trace_data_file:file { create w_file_perms };
+')
+
 ###
 ### neverallow rules
 ###
-- 
GitLab