From cdda2dc3c943030f6bc9b1e256be860086c88440 Mon Sep 17 00:00:00 2001
From: Stephen Nusko <nuskos@google.com>
Date: Thu, 4 Apr 2019 18:19:40 +0000
Subject: [PATCH] Add producer socket to the selinux perfetto domain.

This change allows the perfetto cmdline client to access
the (unprivileged) producer socket of traced, with the
intent of triggering finalization of already running traces
(see b/130135730). Matching change: aosp/932138

Note that:
- perfetto cmdline can already access the consumer socket
  (to start tracing sessions).
- The producer socket is already exposed to most domains,
  including unprivileged apps.

Bug: 130135730
Bug: 128966650
Change-Id: Id9106279584798e6689102085fa46a0b7ecb1ba7
---
 private/perfetto.te | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/private/perfetto.te b/private/perfetto.te
index 128205b0d..28ea868e7 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -11,6 +11,13 @@ tmpfs_domain(perfetto);
 # Allow to access traced's privileged consumer socket.
 unix_socket_connect(perfetto, traced_consumer, traced)
 
+# Connect to the Perfetto traced daemon as a producer. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+allow perfetto traced:fd use;
+allow perfetto traced_tmpfs:file { read write getattr map };
+unix_socket_connect(perfetto, traced_producer, traced)
+
+
 # Allow to write and unlink traces into /data/misc/perfetto-traces.
 allow perfetto perfetto_traces_data_file:dir rw_dir_perms;
 allow perfetto perfetto_traces_data_file:file create_file_perms;