Allow to signal perfetto from shell.

When daemonizing perfetto, SIGINT should be sent to ensure clean
shutdown.

Denial:
12-06 11:12:16.566  3099  3099 I sh      : type=1400 audit(0.0:462): avc: denied { signal } for scontext=u:r:shell:s0 tcontext=u:r:perfetto:s0 tclass=process permissive=1

Test: m
Test: flash walleye
Test: SIGINT perfetto from shell

Change-Id: I8d34b447ea90c315faf88f020f1dfc49e4abbcce

private/perfetto.te

@@ -3,7 +3,6 @@
 # This command line client accesses the privileged socket of the traced
 # daemon.
 
-type perfetto, domain, coredomain;
 type perfetto_exec, system_file_type, exec_type, file_type;
 
 tmpfs_domain(perfetto);

private/shell.te

@@ -44,6 +44,8 @@ domain_auto_trans(shell, vendor_shell_exec, vendor_shell)
 # transition into its own domain, so that it behaves consistently to
 # when exec()-d by statsd.
 domain_auto_trans(shell, perfetto_exec, perfetto)
+# Allow to send SIGINT to perfetto when daemonized.
+allow shell perfetto:process signal;
 
 # Allow shell to run adb shell cmd stats commands. Needed for CTS.
 binder_call(shell, statsd);

public/app.te

@@ -432,7 +432,9 @@ neverallow { appdomain -shell } { domain -appdomain }:file no_rw_file_perms;
 # sigchld allowed for parent death notification.
 # signull allowed for kill(pid, 0) existence test.
 # All others prohibited.
-neverallow appdomain { domain -appdomain }:process
+# -perfetto is to allow shell (which is an appdomain) to kill perfetto
+# (see private/shell.te).
+neverallow appdomain { domain -appdomain -perfetto }:process
     { sigkill sigstop signal };
 
 # Write to rootfs.

public/perfetto.te

+type perfetto, domain, coredomain;