perfetto: allow traced to write into FDs received by the client

am: 5d317326 Change-Id: Id12c02eac66cff08093b572295812b99ffa2a792

perfetto: allow traced to write into FDs received by the client
fea6a129 · Primiano Tucci · android-build-merger · 2c69fe86 · 5d317326 · fea6a129
Commit fea6a129 authored 7 years ago by Primiano Tucci Committed by android-build-merger 7 years ago
--- a/private/traced.te
+++ b/private/traced.te
@@ -14,6 +14,13 @@ typeattribute traced_tmpfs mlstrustedobject;
 # the privileged process that controls it.
 allow traced self:global_capability_class_set { sys_nice };

+# Allow to pass a file descriptor for the output trace from "perfetto" (the
+# cmdline client) and other shell binaries to traced and let traced write
+# directly into that (rather than returning the trace contents over the socket).
+allow traced perfetto:fd use;
+allow traced shell:fd use;
+allow traced perfetto_traces_data_file:file { read write };
+
 ###
 ### Neverallow rules
 ###
@@ -42,7 +49,11 @@ neverallow traced {
 neverallow traced { system_data_file }:dir ~{ getattr search };
 neverallow traced zoneinfo_data_file:dir ~r_dir_perms;
 neverallow traced { data_file_type -zoneinfo_data_file }:lnk_file *;
-neverallow traced { data_file_type -zoneinfo_data_file }:file ~write;
+neverallow traced {
+  data_file_type
+  -zoneinfo_data_file
+  -perfetto_traces_data_file
+}:file ~write;

 # Only init is allowed to enter the traced domain via exec()
 neverallow { domain -init } traced:process transition;