From 835881aaa41622416aae220fd5f6bf827bd96fd3 Mon Sep 17 00:00:00 2001
From: Andreas Gampe <agampe@google.com>
Date: Thu, 10 May 2018 15:07:09 -0700
Subject: [PATCH] Sepolicy: Fix perfprofd permissions

Let statsd find the service. The system server wants to read file
attributes for the perfprofd dropbox file.

Bug: 73175642
Test: m
Test: manual
Change-Id: I0c0b1dac057af90fff440286226093ec15b5e247
---
 private/statsd.te        | 3 +++
 private/system_server.te | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/private/statsd.te b/private/statsd.te
index 74b89c242..834fb8b77 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -50,6 +50,9 @@ domain_auto_trans(statsd, perfetto_exec, perfetto)
 allow statsd {
   app_api_service
   incident_service
+  userdebug_or_eng(`
+    perfprofd_service
+  ')
   statscompanion_service
   system_api_service
 }:service_manager find;
diff --git a/private/system_server.te b/private/system_server.te
index 60d3718bf..aab37fc8f 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -389,7 +389,7 @@ allow system_server perfetto:fd use;
 
 # Allow dropbox to read /data/misc/perfprofd. Only the fd is sent over binder.
 userdebug_or_eng(`
-  allow system_server perfprofd_data_file:file read;
+  allow system_server perfprofd_data_file:file { getattr read };
   allow system_server perfprofd:fd use;
 ')
 
-- 
GitLab