Merge "Add rules for Perfetto to be used from system_server" into main
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 2055e4f..726f0ab 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -383,6 +383,7 @@
"processinfo": EXCEPTION_NO_FUZZER,
"procstats": EXCEPTION_NO_FUZZER,
"profcollectd": EXCEPTION_NO_FUZZER,
+ "profiling_service": EXCEPTION_NO_FUZZER,
"radio.phonesubinfo": EXCEPTION_NO_FUZZER,
"radio.phone": EXCEPTION_NO_FUZZER,
"radio.sms": EXCEPTION_NO_FUZZER,
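Review bot: The `"profiling_service": EXCEPTION_NO_FUZZER` entry gives no reason for the exemption, and the same merge labels the service `app_api_service` in public/service.te, so this is an app-reachable binder surface with no fuzzer bound to it. If the exemption exists because the service is implemented in Java inside system_server (the `system_server_service` attribute suggests so, but the page does not show it), a trailing comment such as `// Java service in system_server, no native fuzzer target` would let a later reader verify that. The enclosing map literal starts and ends outside the hunk.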
diff --git a/private/app_zygote.te b/private/app_zygote.te
index 46cea8e..e3869cd 100644
--- a/private/app_zygote.te
+++ b/private/app_zygote.te
@@ -34,8 +34,6 @@
# Interaction between the app_zygote and its children.
allow app_zygote isolated_app:process setpgid;
-allow app_zygote properties_device:dir mounton;
-
# TODO (b/63631799) fix this access
dontaudit app_zygote mnt_expand_file:dir getattr;
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index 74ab9e5..1de001e 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -42,4 +42,5 @@
proc_percpu_pagelist_high_fraction
vendor_microdroid_file
threadnetwork_config_prop
+ profiling_service
))
diff --git a/private/service_contexts b/private/service_contexts
index 299bb6f..82af95e 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -358,6 +358,7 @@
pinner u:object_r:pinner_service:s0
powerstats u:object_r:powerstats_service:s0
power u:object_r:power_service:s0
+profiling_service u:object_r:profiling_service:s0
print u:object_r:print_service:s0
processinfo u:object_r:processinfo_service:s0
procstats u:object_r:procstats_service:s0
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 7b05af2..0556950 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -83,8 +83,6 @@
allow webview_zygote system_data_file:lnk_file r_file_perms;
-allow webview_zygote properties_device:dir mounton;
-
# Send unsolicited message to system_server
unix_socket_send(webview_zygote, system_unsolzygote, system_server)
diff --git a/public/bootanim.te b/public/bootanim.te
index 9c7a0ee..a9616b7 100644
--- a/public/bootanim.te
+++ b/public/bootanim.te
@@ -17,8 +17,7 @@
allow bootanim sysfs_gpu:file r_file_perms;
# /oem access
-allow bootanim oemfs:dir search;
-allow bootanim oemfs:file r_file_perms;
+r_dir_file(bootanim, oemfs);
allow bootanim audio_device:dir r_dir_perms;
allow bootanim audio_device:chr_file rw_file_perms;
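Review bot: `r_dir_file(bootanim, oemfs);` is not an equivalent rewrite of the two removed rules. As the macro is defined in te_macros, it grants `r_dir_perms` on the directory (read and open, so listing, where the old rule allowed only `search`) and `r_file_perms` on `lnk_file` as well as `file`. If bootanim only opens known paths under /oem, the removed pair was the least-privilege form. If it now has to enumerate the directory or follow symlinks there, the comment should say so, for example `# /oem access: directory listing and symlink reads needed for <reason>`. Nothing visible in this merge explains the widening, so the justification is worth recording next to the rule.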
diff --git a/public/service.te b/public/service.te
index b480d3e..a6f854a 100644
--- a/public/service.te
+++ b/public/service.te
@@ -40,6 +40,7 @@
type nfc_service, service_manager_type;
type ondevicepersonalization_system_service, system_api_service, system_server_service, service_manager_type;
type ot_daemon_service, service_manager_type;
+type profiling_service, app_api_service, system_server_service, service_manager_type;
type radio_service, service_manager_type;
type secure_element_service, service_manager_type;
type service_manager_service, service_manager_type;
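Review bot: Tagging the new `profiling_service` type with `app_api_service` makes the service findable by ordinary app domains, so access control rests entirely on the checks the service performs on each binder call. Profiling and trace output can expose cross-process information, so that is a weak place to leave the only gate undocumented. The neighbouring `ondevicepersonalization_system_service` line uses `system_api_service`, which would be the narrower choice if third-party apps are not meant to request profiling. If app access is intended, a comment above the type line such as `# Reachable from apps; caller identity and rate limiting are enforced in the service implementation` would record where the enforcement lives.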