userdebug: support perfetto traces as a section in incident reports am: ce3a33ff18

am: 25d6ad4a41

Change-Id: I1eec93260bc224f1156ad4d4329df7f818568494

private/incidentd.te

@@ -49,6 +49,13 @@ userdebug_or_eng(`allow incidentd pstorefs:file r_file_perms');
 allow incidentd stats_service:service_manager find;
 binder_call(incidentd, statsd)
 
+# section id 3026, allow reading /data/misc/perfetto-traces.
+# TODO(b/134706389): remove when no longer used.
+userdebug_or_eng(`
+  allow incidentd perfetto_traces_data_file:dir r_dir_perms;
+  allow incidentd perfetto_traces_data_file:file r_file_perms;
+');
+
 # Create and write into /data/misc/incidents
 allow incidentd incident_data_file:dir rw_dir_perms;
 allow incidentd incident_data_file:file create_file_perms;
@@ -146,12 +153,14 @@ binder_call(incidentd, incident)
 ### neverallow rules
 ###
 
-# only dumpstate, system_server, system_app and incident command can find the incident service
+# only specific domains can find the incident service
+# TODO(b/134706389): remove "perfetto" when no longer used.
 neverallow {
   domain
   -dumpstate
   -incident
   -incidentd
+  userdebug_or_eng(`-perfetto')
   -priv_app
   -statsd
   -system_app

private/perfetto.te

@@ -37,12 +37,19 @@ allow perfetto { statsd shell su }:fifo_file { getattr read write };
 allow perfetto adbd:fd use;
 allow perfetto adbd:unix_stream_socket { read write };
 
-# allow adbd to reap perfetto
+# Allow adbd to reap perfetto
 allow perfetto adbd:process { sigchld };
 
 # Allow to access /dev/pts when launched in an adb shell.
 allow perfetto devpts:chr_file rw_file_perms;
 
+# Allow perfetto to ask incidentd to start a report.
+# TODO(b/134706389): remove when no longer used.
+userdebug_or_eng(`
+  allow perfetto incident_service:service_manager find;
+  binder_call(perfetto, incidentd)
+');
+
 ###
 ### Neverallow rules
 ###