From 3f8c271db83cf0df1a8934b56dd51a432c918250 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer@google.com>
Date: Mon, 3 Dec 2018 11:02:07 +0000
Subject: [PATCH] Allow heapprofd to read system_file_type.

Heapprofd needs to read binary files and libraries in order to support
unwinding the stack. system_file does not include all these files, e.g.
zygote_exec is only labeled as system_file_type.

Denials:

12-03 10:50:37.485  9263  9263 I heapprofd: type=1400 audit(0.0:177): avc: denied { read } for name="app_process64" dev="dm-0" ino=2286 scontext=u:r:heapprofd:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
12-03 10:50:37.485  9263  9263 I heapprofd: type=1400 audit(0.0:178): avc: denied { open } for path="/system/bin/app_process64" dev="dm-0" ino=2286 scontext=u:r:heapprofd:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
12-03 10:50:37.485  9263  9263 I heapprofd: type=1400 audit(0.0:179): avc: denied { getattr } for path="/system/bin/app_process64" dev="dm-0" ino=2286 scontext=u:r:heapprofd:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1

Change-Id: Ie04b722a78ff6367729930ee0ef96f48ccf6aa55
Bug: 117762471
---
 private/heapprofd.te | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/private/heapprofd.te b/private/heapprofd.te
index 30ad7f12d..b7013d7c0 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -13,10 +13,10 @@ userdebug_or_eng(`
 
   # Executables and libraries.
   # These are needed to read the ELF binary data needed for unwinding.
-  allow heapprofd system_file:file r_file_perms;
-  allow heapprofd apk_data_file:file r_file_perms;
-  allow heapprofd dalvikcache_data_file:file r_file_perms;
-  allow heapprofd vendor_file_type:file r_file_perms;
+  r_dir_file(heapprofd, system_file_type)
+  r_dir_file(heapprofd, apk_data_file)
+  r_dir_file(heapprofd, dalvikcache_data_file)
+  r_dir_file(heapprofd, vendor_file_type)
 ')
 
 # Write trace data to the Perfetto traced damon. This requires connecting to its
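Review bot: The four `r_dir_file(heapprofd, ...)` lines grant more than the quoted denials justify: the denials show only `read`, `open` and `getattr` on `tclass=file` for `zygote_exec`, while `r_dir_file` (as defined in the platform macros) also allows directory listing and symlink reads on every type behind each attribute. The narrower fix is to widen only the first rule's target, `allow heapprofd system_file_type:file r_file_perms;`, and to leave the `apk_data_file`, `dalvikcache_data_file` and `vendor_file_type` rules as `:file r_file_perms` unless dir or lnk_file denials were seen for them. If directory access is really needed, the comment above the rules should say so, e.g. `# Directory search and symlink reads are needed to resolve library paths while unwinding.` The rules sit inside the `userdebug_or_eng` block that starts outside this hunk, so the wider grant is limited to debug builds, but it is still worth recording the reason in the policy.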
-- 
GitLab