In native coverage builds, allow all domains to access /data/misc/trace

Bug: http://b/135139675

Coverage files are written to /data/misc/trace (governed by the
method_trace_data_file selinux type).  Allow all domains to access
(create directories, access files) this directory when native coverage
is enabled (by setting NATIVE_COVERAGE to true) in an userdebug or eng
build.

Also relax neverallow constraints to allow access to
method_trace_data_file for native coverage builds.

Test: Build 32-bit cuttlefish with coverage:
          m NATIVE_COVERAGE=true COVERAGE_PATHS="*"
      and verify that there are no selinux denials in kernel log and
      logcat.

Change-Id: I3fe7c77612854b9de7de7a0ddd5cbf44a2f5c21e
(cherry picked from commit ce9c0c5a5fbd3fda8e1fd102d2bf1ca6afebbdf9)

Android.mk

@@ -169,6 +169,11 @@ ifneq (,$(filter address,$(SANITIZE_TARGET)))
   with_asan := true
 endif
 
+with_native_coverage := false
+ifeq ($(NATIVE_COVERAGE),true)
+  with_native_coverage := true
+endif
+
 # Library extension for host-side tests
 ifeq ($(HOST_OS),darwin)
 SHAREDLIB_EXT=dylib
@@ -334,6 +339,7 @@ $(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
 $(sepolicy_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := user
 $(sepolicy_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
 $(sepolicy_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(sepolicy_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
 $(sepolicy_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(sepolicy_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
 $(sepolicy_policy.conf): $(call build_policy, $(sepolicy_build_files), \
@@ -352,6 +358,7 @@ $(sepolicy_policy_2.conf): PRIVATE_TARGET_BUILD_VARIANT := user
 $(sepolicy_policy_2.conf): PRIVATE_EXCLUDE_BUILD_TEST := true
 $(sepolicy_policy_2.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
 $(sepolicy_policy_2.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(sepolicy_policy_2.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
 $(sepolicy_policy_2.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(sepolicy_policy_2.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
 $(sepolicy_policy_2.conf): $(call build_policy, $(sepolicy_build_files), \
@@ -396,6 +403,7 @@ $(reqd_policy_mask.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
 $(reqd_policy_mask.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
 $(reqd_policy_mask.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
 $(reqd_policy_mask.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(reqd_policy_mask.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
 $(reqd_policy_mask.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(reqd_policy_mask.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
 $(reqd_policy_mask.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
@@ -424,6 +432,7 @@ $(pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
 $(pub_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
 $(pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
 $(pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(pub_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
 $(pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
 $(pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
@@ -449,6 +458,7 @@ $(plat_pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
 $(plat_pub_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
 $(plat_pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
 $(plat_pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(plat_pub_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
 $(plat_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(plat_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
 $(plat_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
@@ -502,6 +512,7 @@ $(plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
 $(plat_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
 $(plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
 $(plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(plat_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
 $(plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
 $(plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
@@ -544,6 +555,7 @@ $(userdebug_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
 $(userdebug_plat_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := userdebug
 $(userdebug_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
 $(userdebug_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(userdebug_plat_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
 $(userdebug_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(userdebug_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
 $(userdebug_plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
@@ -587,6 +599,7 @@ $(product_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
 $(product_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
 $(product_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
 $(product_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(product_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
 $(product_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(product_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
 $(product_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
@@ -728,6 +741,7 @@ $(vendor_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
 $(vendor_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
 $(vendor_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
 $(vendor_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(vendor_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
 $(vendor_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(vendor_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
 $(vendor_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
@@ -778,6 +792,7 @@ $(odm_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
 $(odm_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
 $(odm_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
 $(odm_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(odm_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
 $(odm_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(odm_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
 $(odm_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
@@ -995,6 +1010,7 @@ $(sepolicy.recovery.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
 $(sepolicy.recovery.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
 $(sepolicy.recovery.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
 $(sepolicy.recovery.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
+$(sepolicy.recovery.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
 $(sepolicy.recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(sepolicy.recovery.conf): PRIVATE_TGT_RECOVERY := -D target_recovery=true
 $(sepolicy.recovery.conf): $(call build_policy, $(sepolicy_build_files), \

definitions.mk

@@ -8,6 +8,7 @@ $(hide) m4 --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \
 	-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
 	-D target_arch=$(PRIVATE_TGT_ARCH) \
 	-D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
+	-D target_with_native_coverage=$(PRIVATE_TGT_WITH_NATIVE_COVERAGE) \
 	-D target_full_treble=$(PRIVATE_SEPOLICY_SPLIT) \
 	-D target_compatible_property=$(PRIVATE_COMPATIBLE_PROPERTY) \
 	-D target_exclude_build_test=$(PRIVATE_EXCLUDE_BUILD_TEST) \

prebuilts/api/29.0/private/logd.te

@@ -8,6 +8,7 @@ neverallow logd {
   file_type
   -runtime_event_log_tags_file
   userdebug_or_eng(`-coredump_file -misc_logd_file')
+  with_native_coverage(`-method_trace_data_file')
 }:file { create write append };
 
 # protect the event-log-tags file

prebuilts/api/29.0/private/logpersist.te

@@ -19,6 +19,10 @@ userdebug_or_eng(`
 ')
 
 # logpersist is allowed to write to /data/misc/log for userdebug and eng builds
-neverallow logpersist { file_type userdebug_or_eng(`-misc_logd_file -coredump_file') }:file { create write append };
+neverallow logpersist {
+  file_type
+  userdebug_or_eng(`-misc_logd_file -coredump_file')
+  with_native_coverage(`-method_trace_data_file')
+}:file { create write append };
 neverallow { domain -init userdebug_or_eng(`-logpersist -logd -dumpstate') } misc_logd_file:file no_rw_file_perms;
 neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };

prebuilts/api/29.0/private/perfetto.te

@@ -74,8 +74,14 @@ neverallow perfetto {
   -vendor_data_file
   -zoneinfo_data_file
   -perfetto_traces_data_file
+  with_native_coverage(`-method_trace_data_file')
 }:dir *;
 neverallow perfetto { system_data_file -perfetto_traces_data_file }:dir ~{ getattr search };
 neverallow perfetto zoneinfo_data_file:dir ~r_dir_perms;
 neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:lnk_file *;
-neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:file ~write;
+neverallow perfetto {
+  data_file_type
+  -zoneinfo_data_file
+  -perfetto_traces_data_file
+  with_native_coverage(`-method_trace_data_file')
+}:file ~write;

prebuilts/api/29.0/private/recovery_persist.te

@@ -3,4 +3,9 @@ typeattribute recovery_persist coredomain;
 init_daemon_domain(recovery_persist)
 
 # recovery_persist is not allowed to write anywhere other than recovery_data_file
-neverallow recovery_persist { file_type -recovery_data_file userdebug_or_eng(`-coredump_file') }:file write;
+neverallow recovery_persist {
+  file_type
+  -recovery_data_file
+  userdebug_or_eng(`-coredump_file')
+  with_native_coverage(`-method_trace_data_file')
+}:file write;

prebuilts/api/29.0/private/recovery_refresh.te

@@ -3,4 +3,8 @@ typeattribute recovery_refresh coredomain;
 init_daemon_domain(recovery_refresh)
 
 # recovery_refresh is not allowed to write anywhere
-neverallow recovery_refresh { file_type userdebug_or_eng(`-coredump_file') }:file write;
+neverallow recovery_refresh {
+  file_type
+  userdebug_or_eng(`-coredump_file')
+  with_native_coverage(`-method_trace_data_file')
+}:file write;

prebuilts/api/29.0/private/traced.te

@@ -66,6 +66,7 @@ neverallow traced {
   # subsequent neverallow. Currently only getattr and search are allowed.
   -vendor_data_file
   -zoneinfo_data_file
+  with_native_coverage(`-method_trace_data_file')
 }:dir *;
 neverallow traced { system_data_file }:dir ~{ getattr search };
 neverallow traced zoneinfo_data_file:dir ~r_dir_perms;
@@ -75,6 +76,7 @@ neverallow traced {
   -zoneinfo_data_file
   -perfetto_traces_data_file
   -trace_data_file
+  with_native_coverage(`-method_trace_data_file')
 }:file ~write;
 
 # Only init is allowed to enter the traced domain via exec()

prebuilts/api/29.0/private/traced_probes.te

@@ -108,11 +108,17 @@ neverallow traced_probes {
   # subsequent neverallow. Currently only getattr and search are allowed.
   -vendor_data_file
   -zoneinfo_data_file
+  with_native_coverage(`-method_trace_data_file')
 }:dir *;
 neverallow traced_probes system_data_file:dir ~{ getattr userdebug_or_eng(`open read') search };
 neverallow traced_probes zoneinfo_data_file:dir ~r_dir_perms;
 neverallow traced_probes { data_file_type -zoneinfo_data_file }:lnk_file *;
-neverallow traced_probes { data_file_type -zoneinfo_data_file -packages_list_file }:file *;
+neverallow traced_probes {
+  data_file_type
+  -zoneinfo_data_file
+  -packages_list_file
+  with_native_coverage(`-method_trace_data_file')
+}:file *;
 
 # Only init is allowed to enter the traced_probes domain via exec()
 neverallow { domain -init } traced_probes:process transition;

prebuilts/api/29.0/public/domain.te

@@ -51,6 +51,12 @@ userdebug_or_eng(`
   allow domain coredump_file:dir ra_dir_perms;
 ')
 
+with_native_coverage(`
+  # Allow writing coverage information to /data/misc/trace
+  allow domain method_trace_data_file:dir create_dir_perms;
+  allow domain method_trace_data_file:file create_file_perms;
+')
+
 # Root fs.
 allow domain tmpfs:dir { getattr search };
 allow domain rootfs:dir search;
@@ -852,6 +858,7 @@ full_treble_only(`
     # These functions are considered vndk-stable and thus must be allowed for
     # all processes.
     -zoneinfo_data_file
+    with_native_coverage(`-method_trace_data_file')
   }:file_class_set ~{ append getattr ioctl read write map };
   neverallow {
     vendor_init
@@ -860,6 +867,7 @@ full_treble_only(`
     core_data_file_type
     -unencrypted_data_file
     -zoneinfo_data_file
+    with_native_coverage(`-method_trace_data_file')
   }:file_class_set ~{ append getattr ioctl read write map };
   # vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
   # The vendor init binary lives on the system partition so there is not a concern with stability.
@@ -878,6 +886,7 @@ full_treble_only(`
     -system_data_file # default label for files on /data. Covered below...
     -vendor_data_file
     -zoneinfo_data_file
+    with_native_coverage(`-method_trace_data_file')
   }:dir *;
   neverallow {
     vendor_init
@@ -888,6 +897,7 @@ full_treble_only(`
     -system_data_file
     -vendor_data_file
     -zoneinfo_data_file
+    with_native_coverage(`-method_trace_data_file')
   }:dir *;
   # vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
   # The vendor init binary lives on the system partition so there is not a concern with stability.

prebuilts/api/29.0/public/hal_configstore.te

@@ -42,6 +42,7 @@ neverallow hal_configstore_server {
   -anr_data_file # for crash dump collection
   -tombstone_data_file # for crash dump collection
   -zoneinfo_data_file # granted to domain
+  with_native_coverage(`-method_trace_data_file')
 }:{ file fifo_file sock_file } *;
 
 # Should never need sdcard access

prebuilts/api/29.0/public/mediaextractor.te

@@ -66,4 +66,5 @@ neverallow mediaextractor {
   data_file_type
   -zoneinfo_data_file # time zone data from /data/misc/zoneinfo
   userdebug_or_eng(`-apk_data_file') # for loading media extractor plugins
+  with_native_coverage(`-method_trace_data_file')
 }:file open;

prebuilts/api/29.0/public/recovery.te

@@ -162,9 +162,11 @@ neverallow recovery {
    data_file_type
    -cache_file
    -cache_recovery_file
+  with_native_coverage(`-method_trace_data_file')
 }:file { no_w_file_perms no_x_file_perms };
 neverallow recovery {
    data_file_type
    -cache_file
    -cache_recovery_file
+  with_native_coverage(`-method_trace_data_file')
 }:dir no_w_dir_perms;

prebuilts/api/29.0/public/te_macros

@@ -509,6 +509,12 @@ define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target
 #
 define(`with_asan', ifelse(target_with_asan, `true', userdebug_or_eng(`$1'), ))
 
+#####################################
+# native coverage builds
+# SELinux rules which apply only to builds with native coverage
+#
+define(`with_native_coverage', ifelse(target_with_native_coverage, `true', userdebug_or_eng(`$1'), ))
+
 #####################################
 # Build-time-only test
 # SELinux rules which are verified during build, but not as part of *TS testing.

private/logd.te

@@ -8,6 +8,7 @@ neverallow logd {
   file_type
   -runtime_event_log_tags_file
   userdebug_or_eng(`-coredump_file -misc_logd_file')
+  with_native_coverage(`-method_trace_data_file')
 }:file { create write append };
 
 # protect the event-log-tags file

private/logpersist.te

@@ -19,6 +19,10 @@ userdebug_or_eng(`
 ')
 
 # logpersist is allowed to write to /data/misc/log for userdebug and eng builds
-neverallow logpersist { file_type userdebug_or_eng(`-misc_logd_file -coredump_file') }:file { create write append };
+neverallow logpersist {
+  file_type
+  userdebug_or_eng(`-misc_logd_file -coredump_file')
+  with_native_coverage(`-method_trace_data_file')
+}:file { create write append };
 neverallow { domain -init userdebug_or_eng(`-logpersist -logd -dumpstate') } misc_logd_file:file no_rw_file_perms;
 neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };

private/perfetto.te

@@ -74,8 +74,14 @@ neverallow perfetto {
   -vendor_data_file
   -zoneinfo_data_file
   -perfetto_traces_data_file
+  with_native_coverage(`-method_trace_data_file')
 }:dir *;
 neverallow perfetto { system_data_file -perfetto_traces_data_file }:dir ~{ getattr search };
 neverallow perfetto zoneinfo_data_file:dir ~r_dir_perms;
 neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:lnk_file *;
-neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:file ~write;
+neverallow perfetto {
+  data_file_type
+  -zoneinfo_data_file
+  -perfetto_traces_data_file
+  with_native_coverage(`-method_trace_data_file')
+}:file ~write;

private/recovery_persist.te

@@ -3,4 +3,9 @@ typeattribute recovery_persist coredomain;
 init_daemon_domain(recovery_persist)
 
 # recovery_persist is not allowed to write anywhere other than recovery_data_file
-neverallow recovery_persist { file_type -recovery_data_file userdebug_or_eng(`-coredump_file') }:file write;
+neverallow recovery_persist {
+  file_type
+  -recovery_data_file
+  userdebug_or_eng(`-coredump_file')
+  with_native_coverage(`-method_trace_data_file')
+}:file write;

private/recovery_refresh.te

@@ -3,4 +3,8 @@ typeattribute recovery_refresh coredomain;
 init_daemon_domain(recovery_refresh)
 
 # recovery_refresh is not allowed to write anywhere
-neverallow recovery_refresh { file_type userdebug_or_eng(`-coredump_file') }:file write;
+neverallow recovery_refresh {
+  file_type
+  userdebug_or_eng(`-coredump_file')
+  with_native_coverage(`-method_trace_data_file')
+}:file write;

private/traced.te

@@ -66,6 +66,7 @@ neverallow traced {
   # subsequent neverallow. Currently only getattr and search are allowed.
   -vendor_data_file
   -zoneinfo_data_file
+  with_native_coverage(`-method_trace_data_file')
 }:dir *;
 neverallow traced { system_data_file }:dir ~{ getattr search };
 neverallow traced zoneinfo_data_file:dir ~r_dir_perms;
@@ -75,6 +76,7 @@ neverallow traced {
   -zoneinfo_data_file
   -perfetto_traces_data_file
   -trace_data_file
+  with_native_coverage(`-method_trace_data_file')
 }:file ~write;
 
 # Only init is allowed to enter the traced domain via exec()