68e27caeb6
Hostside tests depend on being able to execute /system/bin/bcc. Allow
it.
From bug:
In the NDK:
$ ./checkbuild.py
$ virtualenv -p ../out/bootstrap/bin/python3 env
$ source env/bin/activate
$ ./run_tests.py --filter rs-cpp-basic
FAIL rs-cpp-basic.rstest-compute [armeabi-v7a-19]: android-28 marlin HT67L0200247 QPP1.190205.017
New RS 0xee70f000
Segmentation fault
FAIL rs-cpp-basic.rstest-compute [arm64-v8a-21]: android-28 marlin HT67L0200247 QPP1.190205.017
New RS 0x7a91e13000
Segmentation fault
02-23 23:00:45.635 9516 9518 V RenderScript: Successfully loaded runtime: libRSDriver_adreno.so
02-23 23:00:45.650 9518 9518 W rstest-compute: type=1400 audit(0.0:15): avc: denied { read } for name="bcc" dev="dm-0" ino=390 scontext=u:r:shell:s0 tcontext=u:object_r:rs_exec:s0 tclass=file permissive=0
02-23 23:00:45.651 9516 9518 E RenderScript: Cannot open file '/system/bin/bcc' to compute checksum
02-23 23:00:45.652 9516 9516 E rsC++ : Internal error: Object id 0.
Test: compiles
Fixes: 126388046
Change-Id: I28e591d660c4ba9a33135e940d298d35474ef0b6
73 lines
2.3 KiB
Plaintext
73 lines
2.3 KiB
Plaintext
typeattribute shell coredomain;
|
|
|
|
# allow shell input injection
|
|
allow shell uhid_device:chr_file rw_file_perms;
|
|
|
|
# systrace support - allow atrace to run
|
|
allow shell debugfs_tracing_debug:dir r_dir_perms;
|
|
allow shell debugfs_tracing:dir r_dir_perms;
|
|
allow shell debugfs_tracing:file rw_file_perms;
|
|
allow shell debugfs_trace_marker:file getattr;
|
|
allow shell atrace_exec:file rx_file_perms;
|
|
|
|
userdebug_or_eng(`
|
|
allow shell debugfs_tracing_debug:file rw_file_perms;
|
|
')
|
|
|
|
# read config.gz for CTS purposes
|
|
allow shell config_gz:file r_file_perms;
|
|
|
|
# Run app_process.
|
|
# XXX Transition into its own domain?
|
|
app_domain(shell)
|
|
|
|
# allow shell to call dumpsys storaged
|
|
binder_call(shell, storaged)
|
|
|
|
# Perform SELinux access checks, needed for CTS
|
|
selinux_check_access(shell)
|
|
selinux_check_context(shell)
|
|
|
|
# Control Perfetto traced and obtain traces from it.
|
|
# Needed for Studio and debugging.
|
|
unix_socket_connect(shell, traced_consumer, traced)
|
|
|
|
# Allow shell binaries to write trace data to Perfetto. Used for testing and
|
|
# cmdline utils.
|
|
allow shell traced:fd use;
|
|
allow shell traced_tmpfs:file { read write getattr map };
|
|
unix_socket_connect(shell, traced_producer, traced)
|
|
|
|
domain_auto_trans(shell, vendor_shell_exec, vendor_shell)
|
|
|
|
# Allow shell binaries to exec the perfetto cmdline util and have that
|
|
# transition into its own domain, so that it behaves consistently to
|
|
# when exec()-d by statsd.
|
|
domain_auto_trans(shell, perfetto_exec, perfetto)
|
|
# Allow to send SIGINT to perfetto when daemonized.
|
|
allow shell perfetto:process signal;
|
|
|
|
# Allow shell to run adb shell cmd stats commands. Needed for CTS.
|
|
binder_call(shell, statsd);
|
|
|
|
# Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
|
|
allow shell perfetto_traces_data_file:dir rw_dir_perms;
|
|
allow shell perfetto_traces_data_file:file r_file_perms;
|
|
|
|
# Allow shell to run adb shell cmd gpu commands.
|
|
binder_call(shell, gpuservice);
|
|
|
|
# Allow shell to use atrace HAL
|
|
hal_client_domain(shell, hal_atrace)
|
|
|
|
# For hostside tests such as CTS listening ports test.
|
|
allow shell proc_net_tcp_udp:file r_file_perms;
|
|
|
|
# The dl.exec_linker* tests need to execute /system/bin/linker
|
|
# b/124789393
|
|
allow shell system_linker_exec:file rx_file_perms;
|
|
|
|
# Renderscript host side tests depend on being able to execute
|
|
# /system/bin/bcc (b/126388046)
|
|
allow shell rs_exec:file rx_file_perms;
|