From 9678e079ac8eee813e8c918664df07e0bcd340be Mon Sep 17 00:00:00 2001
From: Carmen Jackson <carmenjackson@google.com>
Date: Thu, 10 Jan 2019 12:17:40 -0800
Subject: [PATCH] Add selinux rules for detachable perfetto process.

This appears to be the minimum change required to accommodate Traceur
running the detachable Perfetto process.

Bug: 116754732
Test: Started a perfetto trace using --detach and it started
successfully.

Change-Id: I12881ae343389abdcc74af5f11ecbac99b03ef7c
---
 private/traced.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/private/traced.te b/private/traced.te
index 6571938fb..33c5ac090 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -19,7 +19,9 @@ allow traced self:global_capability_class_set { sys_nice };
 # directly into that (rather than returning the trace contents over the socket).
 allow traced perfetto:fd use;
 allow traced shell:fd use;
+allow traced traceur_app:fd use;
 allow traced perfetto_traces_data_file:file { read write };
+allow traced trace_data_file:file { read write };
 
 ###
 ### Neverallow rules
@@ -53,6 +55,7 @@ neverallow traced {
   data_file_type
   -zoneinfo_data_file
   -perfetto_traces_data_file
+  -trace_data_file
 }:file ~write;
 
 # Only init is allowed to enter the traced domain via exec()
-- 
GitLab