From 4fde9ec7b37487f5e3d8e54f578173d8eb310f9d Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer@google.com>
Date: Mon, 15 Oct 2018 18:02:02 +0100
Subject: [PATCH] Add heapprofd selinux config.
This does not actually grant any permissions but just adds the
necessary boilerplate for a new service.
Bug: 117762471
Bug: 117761873
Change-Id: I7cdd2ae368616cfd54fc685c15f775604bfc80d4
---
private/compat/26.0/26.0.ignore.cil | 3 +++
private/compat/27.0/27.0.ignore.cil | 3 +++
private/compat/28.0/28.0.ignore.cil | 3 +++
private/file_contexts | 2 ++
private/heapprofd.te | 5 +++++
public/file.te | 1 +
6 files changed, 17 insertions(+)
create mode 100644 private/heapprofd.te
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 3cf086b05..17af59b24 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -87,6 +87,9 @@
hal_usb_gadget_hwservice
hal_vehicle_hwservice
hal_wifi_offload_hwservice
+ heapprofd
+ heapprofd_exec
+ heapprofd_socket
incident_helper
incident_helper_exec
iorapd
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 3fccdf32f..00ee63079 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -78,6 +78,9 @@
hal_usb_gadget_hwservice
hal_vehicle_hwservice
hal_wifi_hostapd_hwservice
+ heapprofd
+ heapprofd_exec
+ heapprofd_socket
incident_helper
incident_helper_exec
iorapd
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index ee5e3ce09..24edae68a 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -26,6 +26,9 @@
hal_system_suspend_default
hal_system_suspend_default_exec
hal_system_suspend_default_tmpfs
+ heapprofd
+ heapprofd_exec
+ heapprofd_socket
llkd
llkd_exec
llkd_prop
diff --git a/private/file_contexts b/private/file_contexts
index 5e744192e..27931c2d2 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -158,6 +158,7 @@
/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
/dev/socket/traced_producer u:object_r:traced_producer_socket:s0
/dev/socket/traced_consumer u:object_r:traced_consumer_socket:s0
+/dev/socket/heapprofd u:object_r:heapprofd_socket:s0
/dev/socket/uncrypt u:object_r:uncrypt_socket:s0
/dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
/dev/socket/wpa_wlan[0-9] u:object_r:wpa_socket:s0
@@ -263,6 +264,7 @@
/system/bin/perfetto u:object_r:perfetto_exec:s0
/system/bin/traced u:object_r:traced_exec:s0
/system/bin/traced_probes u:object_r:traced_probes_exec:s0
+/system/bin/heapprofd u:object_r:heapprofd_exec:s0
/system/bin/uncrypt u:object_r:uncrypt_exec:s0
/system/bin/update_verifier u:object_r:update_verifier_exec:s0
/system/bin/logwrapper u:object_r:system_file:s0
diff --git a/private/heapprofd.te b/private/heapprofd.te
new file mode 100644
index 000000000..ada66d524
--- /dev/null
+++ b/private/heapprofd.te
@@ -0,0 +1,5 @@
+# Android Heap Profiler Daemon go/heapprofd
+type heapprofd, domain, coredomain;
+type heapprofd_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(heapprofd)
diff --git a/public/file.te b/public/file.te
index e9fb1a626..bc3262852 100644
--- a/public/file.te
+++ b/public/file.te
@@ -386,6 +386,7 @@ type traced_consumer_socket, file_type, coredomain_socket;
type uncrypt_socket, file_type, coredomain_socket;
type wpa_socket, file_type, data_file_type, core_data_file_type;
type zygote_socket, file_type, coredomain_socket;
+type heapprofd_socket, file_type, coredomain_socket;
# UART (for GPS) control proc file
type gps_control, file_type;
--
GitLab