Allow traced to create files within /data/misc/perfetto-traces
Together with aosp/1282157 this change allows the service to
create trace files in the /data/misc/perfetto-traces folder.
Before this change they needed to be created by the perfetto
cmdline client and pass the FD.
This doesn't work for host tools like Android GPU Inspector
(https://gpuinspector.dev/) which talk to the UNIX socket
over adb forward and cannot pass a FD from the host.
Bug: 153519149
Test: manual: adb shell perfetto --txt -c -
buffers { size_kb: 65536 }
data_sources {
config {
name: "linux.ftrace"
ftrace_config { ftrace_events: "sched_switch" }
}
}
duration_ms: 5000
write_into_file: true
output_path: "/data/misc/perfetto-traces/ttt"
Change-Id: I184329805741654983843e6a29c1fac19a836f59
diff --git a/private/traced.te b/private/traced.te
index 7ecfb7f..2410d7e 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -24,7 +24,10 @@
allow traced perfetto:fd use;
allow traced shell:fd use;
allow traced shell:fifo_file { read write };
-allow traced perfetto_traces_data_file:file { read write };
+
+# Allow the service to create new files within /data/misc/perfetto-traces.
+allow traced perfetto_traces_data_file:file create_file_perms;
+allow traced perfetto_traces_data_file:dir rw_dir_perms;
# Allow traceur to pass open file descriptors to traced, so traced can directly
# write into the output file without doing roundtrips over IPC.
@@ -78,6 +81,7 @@
# passed through the socket.
neverallow traced {
data_file_type
+ -perfetto_traces_data_file
-system_data_file
-system_data_root_file
# TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a