Skip to content
Snippets Groups Projects
Commit 146be01a authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge "Add selinux rules for detachable perfetto process."

parents 0eb6bff5 9678e079
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 3 additions and 0 deletions
private/traced.te
+ 3
0
View file @ 146be01a
...@@ -19,7 +19,9 @@ allow traced self:global_capability_class_set { sys_nice }; ...@@ -19,7 +19,9 @@ allow traced self:global_capability_class_set { sys_nice };
# directly into that (rather than returning the trace contents over the socket). # directly into that (rather than returning the trace contents over the socket).
allow traced perfetto:fd use; allow traced perfetto:fd use;
allow traced shell:fd use; allow traced shell:fd use;
allow traced traceur_app:fd use;
allow traced perfetto_traces_data_file:file { read write }; allow traced perfetto_traces_data_file:file { read write };
allow traced trace_data_file:file { read write };
### ###
### Neverallow rules ### Neverallow rules
...@@ -53,6 +55,7 @@ neverallow traced { ...@@ -53,6 +55,7 @@ neverallow traced {
data_file_type data_file_type
-zoneinfo_data_file -zoneinfo_data_file
-perfetto_traces_data_file -perfetto_traces_data_file
-trace_data_file
}:file ~write; }:file ~write;
# Only init is allowed to enter the traced domain via exec() # Only init is allowed to enter the traced domain via exec()
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment