Adding a traceur_app domain to remove it from shell This CL creates a traceur_app domain with userdebug privileges akin to what shell has with regards to being able to find most services on device. Previously, traceur was running as shell which was an unintentional abuse of selinux architecture. Bug: 68126425 Test: Traceur functions outside of shell user privilege Change-Id: Ib5090e7e8225ad201b3ec24b506fe2717101d0f1

commit: 4ea5569f531099bc5781ae28f08d14048873ceaa [log] [tgz]
author: Max Bires <jbires@google.com> Mon Dec 11 16:19:23 2017 -0800
committer: Max Bires <jbires@google.com> Tue Jan 02 15:29:03 2018 -0800
tree: c14c275340c4f56b7170a9c359179d83819ddb78
parent: 756dd574d5ca4b936fd1acce3bbd9c1b65b00f5e [diff] [blame]
diff --git a/private/traceur_app.te b/private/traceur_app.te
new file mode 100644
index 0000000..194a28f
--- /dev/null
+++ b/private/traceur_app.te

@@ -0,0 +1,7 @@
+typeattribute traceur_app coredomain;
+
+userdebug_or_eng(`
+  app_domain(traceur_app);
+  allow traceur_app debugfs_tracing:file r_file_perms;
+  allow traceur_app atrace_exec:file rx_file_perms;
+')
commit	4ea5569f531099bc5781ae28f08d14048873ceaa	[log] [tgz]
author	Max Bires <jbires@google.com>	Mon Dec 11 16:19:23 2017 -0800
committer	Max Bires <jbires@google.com>	Tue Jan 02 15:29:03 2018 -0800
tree	c14c275340c4f56b7170a9c359179d83819ddb78
parent	756dd574d5ca4b936fd1acce3bbd9c1b65b00f5e [diff] [blame]