Merge "sepolicy: add rules for traced_probes to capture stderr and kill atrace on timeout"
This commit is contained in:
Lalit Maganti
Gerrit Code Review
commit
41ddb80cd8
@ -13,6 +13,11 @@ allow atrace debugfs_tracing:dir r_dir_perms;
|
||||
allow atrace debugfs_tracing:file rw_file_perms;
|
||||
allow atrace debugfs_trace_marker:file getattr;
|
||||
|
||||
# Allow atrace to write data when a pipe is used for stdout/stderr
|
||||
# This is used by Perfetto to capture the output on error in atrace.
|
||||
allow atrace traced_probes:fd use;
|
||||
allow atrace traced_probes:fifo_file write;
|
||||
|
||||
# atrace sets debug.atrace.* properties
|
||||
set_prop(atrace, debug_prop)
|
||||
|
||||
|
||||
@ -53,9 +53,8 @@ allow traced_probes user_profile_data_file:dir { getattr open read search };
|
||||
# their userspace TRACE macros.
|
||||
domain_auto_trans(traced_probes, atrace_exec, atrace);
|
||||
|
||||
# This is needed for: path="/system/bin/linker64"
|
||||
# scontext=u:r:atrace:s0 tcontext=u:r:traced_probes:s0 tclass=fd
|
||||
allow atrace traced_probes:fd use;
|
||||
# Allow traced_probes to kill atrace on timeout.
|
||||
allow traced_probes atrace:process sigkill;
|
||||
|
||||
# Allow traced_probes to access /proc files for system stats.
|
||||
# Note: trace data is NOT exposed to anything other than shell and privileged
|
||||
|
||||
Loading…
Reference in New Issue
Block a user