Allow modem_svc to access modem files and perfetto

Bug: 331147031
Bug: 330730987

Test: Confirmed that modem_svc is able to access token db files in modem partition
Test: Confiemed that modem_svc can send traces to perfetto
Test: Confirmed v2/pixel-health-guard/device-boot-health-check-extra has no modem_svc avc denials.

Change-Id: I5fabd3177c758be533ca8bdef3cb3305afd6a5a6

tracking_denials/bug_map

@@ -5,7 +5,6 @@ incidentd debugfs_wakeup_sources file b/282626428
 incidentd incidentd anon_inode b/282626428
 kernel dm_device blk_file b/315907959
 kernel tmpfs chr_file b/315907959
-modem_svc_sit traced_producer_socket sock_file b/331147031
 rfsd vendor_cbd_prop file b/317734418
 shell sysfs_net file b/329380904
 surfaceflinger selinuxfs file b/313804340
@@ -16,3 +15,4 @@ untrusted_app userdebug_or_eng_prop file b/305600845
 vendor_init default_prop file b/315104713
 vendor_init default_prop file b/316817111
 vendor_init default_prop property_service b/315104713
+

whitechapel/vendor/google/modem_svc_sit.te

@@ -17,7 +17,7 @@ allow modem_svc_sit radio_vendor_data_file:file create_file_perms;
 allow modem_svc_sit modem_stat_data_file:dir create_dir_perms;
 allow modem_svc_sit modem_stat_data_file:file create_file_perms;
 
-allow modem_svc_sit mnt_vendor_file:dir search;
+allow modem_svc_sit mnt_vendor_file:dir r_dir_perms;
 allow modem_svc_sit modem_userdata_file:dir create_dir_perms;
 allow modem_svc_sit modem_userdata_file:file create_file_perms;
 
@@ -33,3 +33,12 @@ get_prop(modem_svc_sit, vendor_logger_prop)
 
 # Modem property
 set_prop(modem_svc_sit, vendor_modem_prop)
+
+# Write trace data to the Perfetto traced daemon. This requires connecting to
+# its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(modem_svc_sit)
+
+# Allow modem_svc_sit to access modem image file/dir
+allow modem_svc_sit modem_img_file:dir r_dir_perms;
+allow modem_svc_sit modem_img_file:file r_file_perms;
+allow modem_svc_sit modem_img_file:lnk_file r_file_perms;