1typeattribute traceur_app coredomain; 2 3app_domain(traceur_app); 4allow traceur_app debugfs_tracing:file rw_file_perms; 5allow traceur_app debugfs_tracing_debug:dir r_dir_perms; 6 7userdebug_or_eng(` 8 allow traceur_app debugfs_tracing_debug:file rw_file_perms; 9') 10 11allow traceur_app trace_data_file:file create_file_perms; 12allow traceur_app trace_data_file:dir rw_dir_perms; 13allow traceur_app wm_trace_data_file:dir rw_dir_perms; 14allow traceur_app wm_trace_data_file:file { getattr r_file_perms unlink }; 15allow traceur_app atrace_exec:file rx_file_perms; 16 17# To exec the perfetto cmdline client and pass it the trace config on 18# stdint through a pipe. 19allow traceur_app perfetto_exec:file rx_file_perms; 20 21# Allow to access traced's privileged consumer socket. 22unix_socket_connect(traceur_app, traced_consumer, traced) 23 24dontaudit traceur_app debugfs_tracing_debug:file audit_access; 25 26set_prop(traceur_app, debug_prop) 27 28allow traceur_app servicemanager:service_manager list; 29allow traceur_app hwservicemanager:hwservice_manager list; 30 31allow traceur_app { 32 service_manager_type 33 -apex_service 34 -dnsresolver_service 35 -gatekeeper_service 36 -incident_service 37 -installd_service 38 -lpdump_service 39 -mdns_service 40 -netd_service 41 -virtual_touchpad_service 42 -vold_service 43 -default_android_service 44}:service_manager find; 45 46# Allow traceur_app to use atrace HAL 47hal_client_domain(traceur_app, hal_atrace) 48 49dontaudit traceur_app service_manager_type:service_manager find; 50dontaudit traceur_app hwservice_manager_type:hwservice_manager find; 51dontaudit traceur_app domain:binder call; 52