From fb7fc4fd3d147b4cedb20bb4cc71a08bbdca57d0 Mon Sep 17 00:00:00 2001
From: Earl Ou <shunhsingou@google.com>
Date: Wed, 7 Jun 2017 11:48:37 +0800
Subject: [PATCH] Fix SELinux settings for tracing during boot.

Service boottrace runs atrace out of shell context for tracing during boot. Therefore, we need the same permission set in shell.te to run atrace in boottrace service.

Bug: 34094010
Test: None
Change-Id: I94b2c3f9a74da377b0467112ebd4e1ee658847a4
---
 private/atrace.te | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/private/atrace.te b/private/atrace.te
index 94d84834d..8740b63c7 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -11,8 +11,11 @@ userdebug_or_eng(`
 allow atrace boottrace_data_file:dir search;
 allow atrace boottrace_data_file:file r_file_perms;
- # atrace reads the files in /sys/kernel/debug/tracing/
+ # Allow atrace to access tracefs.
+ allow atrace debugfs_tracing:dir r_dir_perms;
 allow atrace debugfs_tracing:file r_file_perms;
+ allow atrace tracing_shell_writable:file rw_file_perms;
+ allow atrace debugfs_trace_marker:file getattr;
 # atrace sets debug.atrace.* properties
 set_prop(atrace, debug_prop)
-- 
GitLab
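Review bot: The new `allow atrace tracing_shell_writable:file rw_file_perms;` rule gives the atrace domain write access to tracing files, while the replacement comment `# Allow atrace to access tracefs.` no longer says why or for which caller. I would carry the rationale from the commit message into the comment, e.g. `# boottrace runs atrace outside the shell domain; keep these in sync with the tracing rules in shell.te.`, so the two rule sets do not drift apart. The hunk header places these lines under `userdebug_or_eng(`, but that block's closing is outside the hunk, so it is worth confirming the write grant stays limited to debug builds. With `Test: None` in the commit record, a boot-trace run checked for atrace denials would show whether all four rules are actually needed.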