Merge "Add rules for Perfetto to be used from system_server" into main am: f80a830b32

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2958867

Change-Id: Ie3a299620a9aa99c92bde99bd27ea72fdade9a69
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Treehugger Robot 2024-02-12 20:59:08 +00:00 committed by Automerger Merge Worker
commit 5ce39158f3
2 changed files with 6 additions and 2 deletions


@ -40,7 +40,7 @@ allow perfetto perfetto_configs_data_file:file r_file_perms;
# (both root and non-root) on stdin and also to write the resulting trace to
# stdout.
allow perfetto { statsd mm_events shell su }:fd use;
allow perfetto { statsd mm_events shell su }:fifo_file { getattr read write };
allow perfetto { statsd mm_events shell su system_server }:fifo_file { getattr read write ioctl };
# Allow to communicate use, read and write over the adb connection.
allow perfetto adbd:fd use;
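Review bot: The rewritten fifo_file rule grants `ioctl` on pipes owned by every type in the set (statsd, mm_events, shell, su), not only the newly added system_server, and the comment above it still describes only the stdin/stdout case. If ioctl is needed only for pipes handed over by system_server, keeping the original rule and adding `allow perfetto system_server:fifo_file { getattr read write ioctl };` would keep the grant narrow. Otherwise a one-line comment should say why the existing callers need it. The `fd use` rule on the preceding line does not list system_server either; it may be granted elsewhere in the file, which is not visible in this hunk.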


@ -578,6 +578,10 @@ allow system_server prereboot_data_file:file create_file_perms;
allow system_server perfetto_traces_data_file:file { read getattr };
allow system_server perfetto:fd use;
# Allow system_server to exec the perfetto cmdline client and pass it a trace config
domain_auto_trans(system_server, perfetto_exec, perfetto);
allow system_server perfetto:fifo_file { read write };
# Manage /data/backup.
allow system_server backup_data_file:dir create_dir_perms;
allow system_server backup_data_file:file create_file_perms;
@ -1292,7 +1296,7 @@ neverallow system_server {
# Ensure that system_server doesn't perform any domain transitions other than
# transitioning to the crash_dump domain when a crash occurs or fork clatd.
neverallow system_server { domain -clatd -crash_dump }:process transition;
neverallow system_server { domain -clatd -crash_dump -perfetto }:process transition;
neverallow system_server *:process dyntransition;
# Only allow crash_dump to connect to system_ndebug_socket.
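Review bot: The comment above the relaxed `neverallow ... :process transition` rule still says system_server performs no domain transitions other than to crash_dump or clatd, but the rule now also exempts perfetto. This neverallow is the guard that keeps system_server from entering other domains, so the comment should name the new exception and its reason, for example `# transitioning to the crash_dump domain when a crash occurs, fork clatd, or exec the perfetto cmdline client.` The `domain_auto_trans(system_server, perfetto_exec, perfetto)` line in the earlier hunk of this file is what requires the exception, so its comment could point to this neverallow in turn.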