    Add window trace files SELinux policy rules · 2d6942d3
    Vishnu Nair authored
    - Allow system_server to create and write to /data/misc/wmtrace/*
    - Allow surfaceflinger to create and write files in /data/misc/wmtrace/*
    - Allow dumpstate to read files from /data/misc/wmtrace/*
    permissions are restricted to userdebug or eng builds
    
    Bug: 64831661
    
    Test: adb shell cmd window tracing start && adb shell cmd window tracing stop
    Test: adb shell su root service call SurfaceFlinger 1025 i32 1 >/dev/null && adb shell su root service call SurfaceFlinger 1025 i32 0 >/dev/null
    Test: adb bugreport ~/tmp.zip && adb shell su root dmesg | grep 'avc: '
    
    Change-Id: I0b15166560739d73d7749201f3ad197dbcf5791c
    2d6942d3
dumpstate.te 1002 B
# Policy rules for the dumpstate domain.
# Each allow rule below is an explicit grant; anything not listed stays denied,
# so new access should be added as narrowly as the collected data requires.

# Tag dumpstate with the coredomain attribute.
typeattribute dumpstate coredomain;

# Set up dumpstate as a daemon domain started by init.
init_daemon_domain(dumpstate)

# Execute and transition to the vdc domain
domain_auto_trans(dumpstate, vdc_exec, vdc)

# Acquire advisory lock on /system/etc/xtables.lock from ip[6]tables
# Only the lock permission is granted on system_file here.
allow dumpstate system_file:file lock;

# TODO: deal with tmpfs_domain pub/priv split properly
# NOTE(review): this grants execute on the tmpfs type of dumpstate; revisit
# together with the TODO above.
allow dumpstate dumpstate_tmpfs:file execute;

# systrace support - allow atrace to run
# The tracing directory is read-only, but tracing files are read-write
# (rw_file_perms), which is broader than the read-only grants further down.
allow dumpstate debugfs_tracing:dir r_dir_perms;
allow dumpstate debugfs_tracing:file rw_file_perms;
# The trace marker is limited to getattr.
allow dumpstate debugfs_trace_marker:file getattr;
# Read and execute the atrace and storaged binaries.
allow dumpstate atrace_exec:file rx_file_perms;
allow dumpstate storaged_exec:file rx_file_perms;

# /data/misc/wmtrace for wm traces
# Read-only access: list the directory and read the trace files. No write or
# create permission is granted to dumpstate here.
# The userdebug_or_eng wrapper keeps these rules out of user builds.
# NOTE(review): the labeling of /data/misc/wmtrace as wm_trace_data_file is
# defined outside this file - confirm it covers only the trace directory.
userdebug_or_eng(`
  allow dumpstate wm_trace_data_file:dir r_dir_perms;
  allow dumpstate wm_trace_data_file:file r_file_perms;
')

# Allow dumpstate to make binder calls to storaged service
binder_call(dumpstate, storaged)

# Collect metrics on boot time created by init
# Read access to the property only (get_prop).
get_prop(dumpstate, boottime_prop)