From 986b9af4fa9b7f127bb703ddc83503720610bbc8 Mon Sep 17 00:00:00 2001
From: Andreas Gampe <agampe@google.com>
Date: Mon, 30 Apr 2018 12:23:20 -0700
Subject: [PATCH] Sepolicy: Fix system server calling perfprofd

Give all the right permissions to find and send a message to
perfprofd from the system server.

Bug: 73175642
Test: m
Test: manual
Change-Id: I82b63ec097dcd445d9e8169fe0df4398d62ac184
---
 private/perfprofd.te     | 2 +-
 private/system_server.te | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/private/perfprofd.te b/private/perfprofd.te
index 4da541032..2b4d53782 100644
--- a/private/perfprofd.te
+++ b/private/perfprofd.te
@@ -4,5 +4,5 @@ userdebug_or_eng(`
 ')
 
 # Only servicemanager, statsd, su and systemserver can communicate.
-neverallow { domain userdebug_or_eng(`-statsd') } perfprofd:binder call;
+neverallow { domain userdebug_or_eng(`-statsd -system_server') } perfprofd:binder call;
 neverallow perfprofd { domain userdebug_or_eng(`-servicemanager -statsd -su -system_server') }:binder call;
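Review bot: The comment above the two neverallow rules names servicemanager, statsd, su and systemserver for both directions, but after this change the inbound rule (`perfprofd:binder call`) exempts only statsd and system_server, while the outbound rule also exempts servicemanager and su. A neverallow comment is read as the intended invariant, so I would split it per rule: `# Only statsd and system_server may call perfprofd (userdebug/eng only).` above the first and `# perfprofd may only call servicemanager, statsd, su and system_server (userdebug/eng only).` above the second. Both exemption lists sit inside `userdebug_or_eng(...)`, so on user builds the rules should apply to every domain, and the comment could say so. The `userdebug_or_eng` block closed at the top of the hunk begins outside it.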
diff --git a/private/system_server.te b/private/system_server.te
index bdf0f24d7..c5b83ecc8 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -180,6 +180,9 @@ binder_call(system_server, storaged)
 binder_call(system_server, vold)
 binder_call(system_server, wificond)
 binder_call(system_server, wpantund)
+userdebug_or_eng(`
+  binder_call(system_server, perfprofd)
+')
 binder_service(system_server)
 
 # Use HALs
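Review bot: The added `binder_call(system_server, perfprofd)` block has no comment saying why system_server needs this or that it is debug-only by design, and the same is true of the `perfprofd_service:service_manager find` block in the hunk at line 623. A one-line comment above each would help, e.g. `# userdebug/eng only: let system_server find and send a message to perfprofd (b/73175642).` Note also that `binder_call` is a macro defined outside this patch. As I recall its definition, it grants more than `call`: the reverse `binder transfer` from perfprofd to system_server and `fd use` on perfprofd's descriptors. It is worth confirming that system_server does not need to reject file descriptors or binder references handed back by perfprofd.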
@@ -620,6 +623,9 @@ allow system_server storaged_service:service_manager find;
 allow system_server surfaceflinger_service:service_manager find;
 allow system_server vold_service:service_manager find;
 allow system_server wificond_service:service_manager find;
+userdebug_or_eng(`
+  allow system_server perfprofd_service:service_manager find;
+')
 
 allow system_server keystore:keystore_key {
 	get_state
-- 
GitLab