From e922aa38bfa5949fa7bcc32d9e03b696d6d1c537 Mon Sep 17 00:00:00 2001
From: Florian Mayer
Date: Thu, 21 Mar 2019 13:07:05 +0000
Subject: [PATCH] Give heapprofd dac_read_search on userdebug.

This is needed because some oat dex files are generated without world readable permissions. See the bug for details. We are still constrained by the SELinux rules above.

Bug: 129048073
Change-Id: I84e34f83ceb299ff16b29a78f16c620fc0aa5d68
---
 private/domain.te | 1 +
 private/heapprofd.te | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/private/domain.te b/private/domain.te
index 8431957b8..137d5f278 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -279,6 +279,7 @@ neverallow ~dac_override_allowed self:global_capability_class_set dac_override;
 neverallow ~{
 dac_override_allowed
 traced_probes
+ userdebug_or_eng(`heapprofd')
 } self:global_capability_class_set dac_read_search;

 # Limit what domains can mount filesystems or change their mount flags.
diff --git a/private/heapprofd.te b/private/heapprofd.te
index 1339673c6..98645a264 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -46,8 +46,18 @@ userdebug_or_eng(`
 r_dir_file(heapprofd, apk_data_file)
 r_dir_file(heapprofd, dalvikcache_data_file)
 r_dir_file(heapprofd, vendor_file_type)
+ # Some dex files are not world-readable.
+ # We are still constrained by the SELinux rules above.
+ allow heapprofd self:global_capability_class_set dac_read_search;
 ')

+# This is going to happen on user but is benign because central heapprofd
+# does not actually need these permission.
+# If the dac_read_search capability check is rejected, the kernel then tries
+# to perform a dac_override capability check, so we need to dontaudit that
+# as well.
+dontaudit heapprofd self:global_capability_class_set { dac_read_search dac_override };
+
 never_profile_heap(`{
 bpfloader
 init
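Review bot: The new `userdebug_or_eng(`heapprofd')` entry in the `dac_read_search` neverallow in private/domain.te has no explanation at the point where it relaxes the rule. The reason is only in the commit message and in heapprofd.te. A one-line comment above the neverallow would keep it next to the exception, for example `# heapprofd (userdebug/eng only) reads dex/oat files that are not world-readable, b/129048073.` It is also worth stating there that the macro expands to nothing on user builds, so the neverallow still covers heapprofd on user and the entry should stay inside the macro.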
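Review bot: The `dontaudit heapprofd self:global_capability_class_set { dac_read_search dac_override };` line in private/heapprofd.te sits outside the `userdebug_or_eng` block, so it silences both capability denials on every build type, while its comment only describes user builds. On userdebug/eng, where `dac_read_search` is now allowed, any `dac_override` denial for heapprofd will no longer appear in the audit log, so an unexpected DAC-bypass attempt by this domain would be invisible during avc triage. If that is intended, the comment should say so, e.g. `# Unconditional: dac_override denials are also hidden on userdebug/eng.` The in-block comment "constrained by the SELinux rules above" refers to rules that begin before this hunk; since those type rules are now the only read gate on userdebug/eng, naming the types it relies on would make the trade-off explicit.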