From 0379e1a2b834867e10ddce54c2d6111a9a4ef242 Mon Sep 17 00:00:00 2001
From: Taylor Nelms <tknelms@google.com>
Date: Fri, 27 Sep 2024 20:33:30 +0000
Subject: [PATCH] display: add pixel display trace to bugreport

AVC error log justifications:
[ 1198.907014] type=1400 audit(1728067746.876:2074): avc:  denied  { search } for  comm="cat" name="instances" dev="tracefs" ino=4194 scontext=u:r:dump_display_userdebug:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=1
[ 1198.908565] type=1400 audit(1728067746.876:2075): avc:  denied  { read } for  comm="cat" name="trace" dev="tracefs" ino=167692 scontext=u:r:dump_display_userdebug:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=file permissive=1
[ 1198.909716] type=1400 audit(1728067746.876:2076): avc:  denied  { open } for  comm="cat" path="/sys/kernel/tracing/instances/pixel-display/trace" dev="tracefs" ino=167692 scontext=u:r:dump_display_userdebug:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=file permissive=1

Bug: 369099258
Test: pixel display trace visible in bugreport
Flag: EXEMPT bugfix
Change-Id: I53f9340aee155d1ff0d0c0bc2db45e6bd77f342a
Signed-off-by: Taylor Nelms <tknelms@google.com>
---
 display/dump_display_userdebug.sh          | 4 ++++
 display/sepolicy/dump_display.te           | 1 +
 display/sepolicy/dump_display_userdebug.te | 3 +++
 3 files changed, 8 insertions(+)

diff --git a/display/dump_display_userdebug.sh b/display/dump_display_userdebug.sh
index b66a4fe..84b7311 100644
--- a/display/dump_display_userdebug.sh
+++ b/display/dump_display_userdebug.sh
@@ -1,4 +1,8 @@
 #!/vendor/bin/sh
+display_trace_path="/sys/kernel/tracing/instances/pixel-display/trace"
+echo "------ Display Trace ($display_trace_path)------"
+cat $display_trace_path
+
 echo "------ HWC Fence States ------"
 for f in $(ls /data/vendor/log/hwc/*_hwc_fence_state*.txt)
 do
diff --git a/display/sepolicy/dump_display.te b/display/sepolicy/dump_display.te
index b8fd1b8..3e2cb69 100644
--- a/display/sepolicy/dump_display.te
+++ b/display/sepolicy/dump_display.te
@@ -1,3 +1,4 @@
+# Display (dump for bugreport)
 pixel_bugreport(dump_display)
 
 allow dump_display sysfs_display:file r_file_perms;
diff --git a/display/sepolicy/dump_display_userdebug.te b/display/sepolicy/dump_display_userdebug.te
index a3f83bb..c08fb29 100644
--- a/display/sepolicy/dump_display_userdebug.te
+++ b/display/sepolicy/dump_display_userdebug.te
@@ -1,3 +1,4 @@
+# Display eng/userdebug (dump for bugreport)
 pixel_bugreport(dump_display_userdebug)
 
 userdebug_or_eng(`
@@ -5,4 +6,6 @@ userdebug_or_eng(`
   allow dump_display_userdebug vendor_log_file:dir search;
   allow dump_display_userdebug vendor_hwc_log_file:dir r_dir_perms;
   allow dump_display_userdebug vendor_hwc_log_file:file r_file_perms;
+  allow dump_display_userdebug debugfs_tracing_instances:dir search;
+  allow dump_display_userdebug debugfs_tracing_instances:file r_file_perms;
 ')