From 25788df11580805a1d1dd082f7a50cbada31bbf0 Mon Sep 17 00:00:00 2001
From: Carmen Jackson <carmenjackson@google.com>
Date: Fri, 14 Apr 2017 12:12:50 -0700
Subject: [PATCH] Add selinux rules for additional file contexts in userdebug

These rules allow the additional tracepoints we need for running traceur in userdebug builds to be writeable.

Bug: 37110010
Test: I'm testing by running atrace -l and confirming that the tracepoints that I'm attempting to enable are available.
Change-Id: Ia352100ed67819ae5acca2aad803fa392d8b80fd
---
 private/file_contexts | 22 ++++++++++++++++++++++
 private/shell.te | 4 ++++
 public/file.te | 2 ++
 3 files changed, 28 insertions(+)

diff --git a/private/file_contexts b/private/file_contexts
index 66daf034c..81b0aae1d 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -495,6 +495,28 @@
 /sys/kernel(/debug)?/tracing/trace_marker u:object_r:debugfs_trace_marker:s0
 /sys/kernel(/debug)?/tracing/tracing_on u:object_r:tracing_shell_writable:s0
 
+###########################################
+# debug-only tracing
+#
+/sys/kernel/debug/tracing/events/sync/enable u:object_r:tracing_shell_writable_debug:s0
+/sys/kernel/debug/tracing/events/workqueue/enable u:object_r:tracing_shell_writable_debug:s0
+/sys/kernel/debug/tracing/events/regulator/enable u:object_r:tracing_shell_writable_debug:s0
+/sys/kernel/debug/tracing/events/pagecache/enable u:object_r:tracing_shell_writable_debug:s0
+
+/sys/kernel/debug/tracing/events/irq/enable u:object_r:tracing_shell_writable_debug:s0
+/sys/kernel/debug/tracing/events/ipi/enable u:object_r:tracing_shell_writable_debug:s0
+
+/sys/kernel/debug/tracing/events/f2fs/f2fs_sync_file_enter/enable u:object_r:tracing_shell_writable_debug:s0
+/sys/kernel/debug/tracing/events/f2fs/f2fs_sync_file_exit/enable u:object_r:tracing_shell_writable_debug:s0
+/sys/kernel/debug/tracing/events/f2fs/f2fs_write_begin/enable u:object_r:tracing_shell_writable_debug:s0
+/sys/kernel/debug/tracing/events/f2fs/f2fs_write_end/enable u:object_r:tracing_shell_writable_debug:s0
+/sys/kernel/debug/tracing/events/ext4/ext4_da_write_begin/enable u:object_r:tracing_shell_writable_debug:s0
+/sys/kernel/debug/tracing/events/ext4/ext4_da_write_end/enable u:object_r:tracing_shell_writable_debug:s0
+/sys/kernel/debug/tracing/events/ext4/ext4_sync_file_enter/enable u:object_r:tracing_shell_writable_debug:s0
+/sys/kernel/debug/tracing/events/ext4/ext4_sync_file_exit/enable u:object_r:tracing_shell_writable_debug:s0
+/sys/kernel/debug/tracing/events/block/block_rq_issue/enable u:object_r:tracing_shell_writable_debug:s0
+/sys/kernel/debug/tracing/events/block/block_rq_complete/enable u:object_r:tracing_shell_writable_debug:s0
+
 #############################
 # asec containers
 /mnt/asec(/.*)? u:object_r:asec_apk_file:s0
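Review bot: The new entries match only `/sys/kernel/debug/tracing/...`, while the two context lines directly above them use `/sys/kernel(/debug)?/tracing/...`. If the tracing directory is reached through `/sys/kernel/tracing` on a device, none of these patterns would match, the files would presumably keep whatever broader tracing label applies, and the shell rule would silently have no effect. If both locations are meant to be covered, use the same form as the neighbours, e.g. `/sys/kernel(/debug)?/tracing/events/sync/enable u:object_r:tracing_shell_writable_debug:s0`. As written, the entries are not build-type guarded, so the label is assigned on every build while access is granted only inside `userdebug_or_eng` in private/shell.te; the section header should say so, e.g. `# Labelled on all builds; only shell on userdebug/eng is granted access (see private/shell.te).`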
diff --git a/private/shell.te b/private/shell.te index c24bfd329..c0b4ee5a7 100644 --- a/private/shell.te +++ b/private/shell.te @@ -7,6 +7,10 @@ allow shell tracing_shell_writable:file rw_file_perms; allow shell debugfs_trace_marker:file getattr; allow shell atrace_exec:file rx_file_perms; +userdebug_or_eng(` + allow shell tracing_shell_writable_debug:file rw_file_perms; +') + # Run app_process. # XXX Transition into its own domain? app_domain(shell) diff --git a/public/file.te b/public/file.te index 35bbd6db7..eacfc2cfd 100644 --- a/public/file.te +++ b/public/file.te @@ -69,6 +69,8 @@ type debugfs_tracing, fs_type, debugfs_type; type debugfs_tracing_instances, fs_type, debugfs_type; type debugfs_wifi_tracing, fs_type, debugfs_type; type tracing_shell_writable, fs_type, debugfs_type; +type tracing_shell_writable_debug, fs_type, debugfs_type; + type pstorefs, fs_type; type functionfs, fs_type, mlstrustedobject; type oemfs, fs_type, contextmount_type; -- GitLab
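Review bot: The `userdebug_or_eng` block in private/shell.te has no comment, and nothing in the patch pins the intent that the new type stays unwritable on user builds. Add a line above it such as `# Extra tracepoints for traceur/atrace; debug builds only (Bug: 37110010).` A neverallow beside the grant is worth evaluating so that a later change cannot widen write access to `tracing_shell_writable_debug` without review; which domains would need an exception cannot be judged from this hunk. `rw_file_perms` mirrors the existing grant on `tracing_shell_writable`, but if shell only toggles these `enable` files, confirm that read access is actually needed.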
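Review bot: `tracing_shell_writable_debug` is declared in public/file.te, yet the only rule that references it in this patch lives in private/shell.te. If no policy outside the platform needs to name the type, declaring it in the private policy would keep a debug-only type out of the public type set; whether that holds depends on uses of the existing `tracing_shell_writable` type that are not visible here. The declaration should also carry a one-line comment, e.g. `# tracing event enable files that shell may write on userdebug/eng only.` The blank line added after it separates `pstorefs` from the preceding group and can be dropped unless that split is intended.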