am 3d328179: Add SELinux settings to support tracing during boot.

* commit '3d328179':
  Add SELinux settings to support tracing during boot.

atrace.te

+# Domain for atrace process spawned by boottrace service.
+type atrace_exec, exec_type, file_type;
+
+userdebug_or_eng(`
+
+  type atrace, domain;
+  init_daemon_domain(atrace)
+
+  # boottrace services uses /data/misc/boottrace/categories
+  allow atrace boottrace_data_file:dir search;
+  allow atrace boottrace_data_file:file r_file_perms;
+
+  # atrace reads the files in /sys/kernel/debug/tracing/
+  allow atrace debugfs:file r_file_perms;
+
+  # atrace sets debug.atrace.* properties
+  set_prop(atrace, debug_prop)
+
+  # atrace pokes all the binder-enabled processes at startup.
+  binder_use(atrace)
+  allow atrace healthd:binder call;
+  allow atrace surfaceflinger:binder call;
+
+')

file.te

@@ -106,6 +106,7 @@ type storage_stub_file, file_type;
 type adb_keys_file, file_type, data_file_type;
 type audio_data_file, file_type, data_file_type;
 type bluetooth_data_file, file_type, data_file_type;
+type boottrace_data_file, file_type, data_file_type;
 type camera_data_file, file_type, data_file_type;
 type gatekeeper_data_file, file_type, data_file_type;
 type keychain_data_file, file_type, data_file_type;

file_contexts

@@ -142,6 +142,7 @@
 # System files
 #
 /system(/.*)?		u:object_r:system_file:s0
+/system/bin/atrace	u:object_r:atrace_exec:s0
 /system/bin/e2fsck	--	u:object_r:fsck_exec:s0
 /system/bin/fsck\.f2fs	--	u:object_r:fsck_exec:s0
 /system/bin/fsck_msdos	--	u:object_r:fsck_exec:s0
@@ -245,6 +246,7 @@
 # Misc data
 /data/misc/adb(/.*)?            u:object_r:adb_keys_file:s0
 /data/misc/audio(/.*)?          u:object_r:audio_data_file:s0
+/data/misc/boottrace(/.*)?      u:object_r:boottrace_data_file:s0
 /data/misc/bluetooth(/.*)?      u:object_r:bluetooth_data_file:s0
 /data/misc/bluedroid(/.*)?      u:object_r:bluetooth_data_file:s0
 /data/misc/bluedroid/\.a2dp_ctrl u:object_r:bluetooth_socket:s0

property.te

 type default_prop, property_type;
 type shell_prop, property_type;
 type debug_prop, property_type;
+type persist_debug_prop, property_type;
 type debuggerd_prop, property_type;
 type dhcp_prop, property_type;
 type fingerprint_prop, property_type;

property_contexts

@@ -34,6 +34,7 @@ service.adb.root        u:object_r:shell_prop:s0
 service.adb.tcp.port    u:object_r:shell_prop:s0
 
 persist.audio.          u:object_r:audio_prop:s0
+persist.debug.          u:object_r:persist_debug_prop:s0
 persist.logd.           u:object_r:logd_prop:s0
 persist.sys.            u:object_r:system_prop:s0
 persist.service.        u:object_r:system_prop:s0

shell.te

@@ -55,6 +55,14 @@ set_prop(shell, powerctl_prop)
 # Directory read access and file write access is already granted
 # in domain.te.
 allow shell debugfs:file r_file_perms;
+allow shell atrace_exec:file rx_file_perms;
+
+userdebug_or_eng(`
+  # "systrace --boot" support - allow boottrace service to run
+  allow shell boottrace_data_file:dir rw_dir_perms;
+  allow shell boottrace_data_file:file create_file_perms;
+  set_prop(shell, persist_debug_prop)
+')
 
 # allow shell to run dmesg
 allow shell kernel:system syslog_read;