Add heapprofd selinux config.
This does not actually grant any permissions but just adds the
necessary boilerplate for a new service.
Bug: 117762471
Bug: 117761873
Change-Id: I7cdd2ae368616cfd54fc685c15f775604bfc80d4
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 3cf086b..17af59b 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -87,6 +87,9 @@
hal_usb_gadget_hwservice
hal_vehicle_hwservice
hal_wifi_offload_hwservice
+ heapprofd
+ heapprofd_exec
+ heapprofd_socket
incident_helper
incident_helper_exec
iorapd
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 3fccdf3..00ee630 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -78,6 +78,9 @@
hal_usb_gadget_hwservice
hal_vehicle_hwservice
hal_wifi_hostapd_hwservice
+ heapprofd
+ heapprofd_exec
+ heapprofd_socket
incident_helper
incident_helper_exec
iorapd
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index ee5e3ce..24edae6 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -26,6 +26,9 @@
hal_system_suspend_default
hal_system_suspend_default_exec
hal_system_suspend_default_tmpfs
+ heapprofd
+ heapprofd_exec
+ heapprofd_socket
llkd
llkd_exec
llkd_prop
diff --git a/private/file_contexts b/private/file_contexts
index 5e74419..27931c2 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -158,6 +158,7 @@
/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
/dev/socket/traced_producer u:object_r:traced_producer_socket:s0
/dev/socket/traced_consumer u:object_r:traced_consumer_socket:s0
+/dev/socket/heapprofd u:object_r:heapprofd_socket:s0
/dev/socket/uncrypt u:object_r:uncrypt_socket:s0
/dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
/dev/socket/wpa_wlan[0-9] u:object_r:wpa_socket:s0
@@ -263,6 +264,7 @@
/system/bin/perfetto u:object_r:perfetto_exec:s0
/system/bin/traced u:object_r:traced_exec:s0
/system/bin/traced_probes u:object_r:traced_probes_exec:s0
+/system/bin/heapprofd u:object_r:heapprofd_exec:s0
/system/bin/uncrypt u:object_r:uncrypt_exec:s0
/system/bin/update_verifier u:object_r:update_verifier_exec:s0
/system/bin/logwrapper u:object_r:system_file:s0
diff --git a/private/heapprofd.te b/private/heapprofd.te
new file mode 100644
index 0000000..ada66d5
--- /dev/null
+++ b/private/heapprofd.te
@@ -0,0 +1,5 @@
+# Android Heap Profiler Daemon go/heapprofd
+type heapprofd, domain, coredomain;
+type heapprofd_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(heapprofd)
diff --git a/public/file.te b/public/file.te
index e9fb1a6..bc32628 100644
--- a/public/file.te
+++ b/public/file.te
@@ -386,6 +386,7 @@
type uncrypt_socket, file_type, coredomain_socket;
type wpa_socket, file_type, data_file_type, core_data_file_type;
type zygote_socket, file_type, coredomain_socket;
+type heapprofd_socket, file_type, coredomain_socket;
# UART (for GPS) control proc file
type gps_control, file_type;