From aeca04b967c1a376a46ab8222cde5a7ecaa930cf Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer@google.com>
Date: Thu, 6 Dec 2018 13:28:01 +0000
Subject: [PATCH] Allow to signal perfetto from shell.

When daemonizing perfetto, SIGINT should be sent to ensure clean
shutdown.

Denial:
12-06 11:12:16.566  3099  3099 I sh      : type=1400 audit(0.0:462): avc: denied { signal } for scontext=u:r:shell:s0 tcontext=u:r:perfetto:s0 tclass=process permissive=1

Test: m
Test: flash walleye
Test: SIGINT perfetto from shell

Change-Id: I8d34b447ea90c315faf88f020f1dfc49e4abbcce
---
 private/perfetto.te | 1 -
 private/shell.te    | 2 ++
 public/app.te       | 4 +++-
 public/perfetto.te  | 1 +
 4 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 public/perfetto.te

diff --git a/private/perfetto.te b/private/perfetto.te
index 4d8720a2d..2e43d9015 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -3,7 +3,6 @@
 # This command line client accesses the privileged socket of the traced
 # daemon.
 
-type perfetto, domain, coredomain;
 type perfetto_exec, system_file_type, exec_type, file_type;
 
 tmpfs_domain(perfetto);
diff --git a/private/shell.te b/private/shell.te
index 8867112af..95e0d4028 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -44,6 +44,8 @@ domain_auto_trans(shell, vendor_shell_exec, vendor_shell)
 # transition into its own domain, so that it behaves consistently to
 # when exec()-d by statsd.
 domain_auto_trans(shell, perfetto_exec, perfetto)
+# Allow to send SIGINT to perfetto when daemonized.
+allow shell perfetto:process signal;
 
 # Allow shell to run adb shell cmd stats commands. Needed for CTS.
 binder_call(shell, statsd);
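Review bot: The comment above the added `allow shell perfetto:process signal;` names only SIGINT, but the `signal` permission covers every signal that is not checked as sigkill, sigstop, sigchld or signull. Shell can therefore send perfetto SIGTERM, SIGUSR1 and so on as well, and SELinux cannot narrow the grant to a single signal number. The comment should state the real scope, for example `# Allow shell to signal a daemonized perfetto (SIGINT for clean shutdown); "signal" covers all signals except SIGKILL/SIGSTOP/SIGCHLD.`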
diff --git a/public/app.te b/public/app.te
index aa735b470..94acac754 100644
--- a/public/app.te
+++ b/public/app.te
@@ -432,7 +432,9 @@ neverallow { appdomain -shell } { domain -appdomain }:file no_rw_file_perms;
 # sigchld allowed for parent death notification.
 # signull allowed for kill(pid, 0) existence test.
 # All others prohibited.
-neverallow appdomain { domain -appdomain }:process
+# -perfetto is to allow shell (which is an appdomain) to kill perfetto
+# (see private/shell.te).
+neverallow appdomain { domain -appdomain -perfetto }:process
     { sigkill sigstop signal };
 
 # Write to rootfs.
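Review bot: Subtracting `perfetto` from the target set in `neverallow appdomain { domain -appdomain -perfetto }:process` relaxes the assertion for every appdomain source, and for sigkill and sigstop as well as signal. The only access this commit grants is `allow shell perfetto:process signal;`. A neverallow grants nothing by itself, but with this exception a later rule letting some other app domain signal or SIGKILL perfetto would no longer fail the build. The guard would stay tight by keeping the original rule for `{ appdomain -shell }` and adding `neverallow shell { domain -appdomain -perfetto }:process { sigkill sigstop signal };` and `neverallow shell perfetto:process { sigkill sigstop };`. The added comment also says "kill perfetto", which reads like SIGKILL; "signal perfetto" would match what is allowed.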
diff --git a/public/perfetto.te b/public/perfetto.te
new file mode 100644
index 000000000..cec0e6f09
--- /dev/null
+++ b/public/perfetto.te
@@ -0,0 +1 @@
+type perfetto, domain, coredomain;
-- 
GitLab