| typeattribute traceur_app coredomain; |
| |
| app_domain(traceur_app); |
| allow traceur_app debugfs_tracing:file rw_file_perms; |
| allow traceur_app debugfs_tracing_debug:dir r_dir_perms; |
| |
| userdebug_or_eng(` |
| allow traceur_app debugfs_tracing_debug:file rw_file_perms; |
| ') |
| |
| allow traceur_app trace_data_file:file create_file_perms; |
| allow traceur_app trace_data_file:dir rw_dir_perms; |
| allow traceur_app wm_trace_data_file:dir rw_dir_perms; |
| allow traceur_app wm_trace_data_file:file { getattr r_file_perms unlink }; |
| allow traceur_app atrace_exec:file rx_file_perms; |
| |
| # To exec the perfetto cmdline client and pass it the trace config on |
| # stdint through a pipe. |
| allow traceur_app perfetto_exec:file rx_file_perms; |
| |
| # Allow to access traced's privileged consumer socket. |
| unix_socket_connect(traceur_app, traced_consumer, traced) |
| |
| dontaudit traceur_app debugfs_tracing_debug:file audit_access; |
| |
| set_prop(traceur_app, debug_prop) |
| |
| allow traceur_app servicemanager:service_manager list; |
| allow traceur_app hwservicemanager:hwservice_manager list; |
| |
| allow traceur_app { |
| service_manager_type |
| -apex_service |
| -dnsresolver_service |
| -gatekeeper_service |
| -incident_service |
| -installd_service |
| -lpdump_service |
| -mdns_service |
| -netd_service |
| -virtual_touchpad_service |
| -vold_service |
| -default_android_service |
| }:service_manager find; |
| |
| # Allow traceur_app to use atrace HAL |
| hal_client_domain(traceur_app, hal_atrace) |
| |
| dontaudit traceur_app service_manager_type:service_manager find; |
| dontaudit traceur_app hwservice_manager_type:hwservice_manager find; |
| dontaudit traceur_app domain:binder call; |