Update SELinux policy to allow camera HAL to send Perfetto trace packets

Example denials: 03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:31): avc: denied { use } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:r:tr aced:s0 tclass=fd permissive=1 03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:32): avc: denied { read write } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext =u:object_r:traced_tmpfs:s0 tclass=file permissive=1 03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:33): avc: denied { getattr } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u: object_r:traced_tmpfs:s0 tclass=file permissive=1 03-04 04:25:37.524 823 823 I TracingMuxer: type=1400 audit(0.0:34): avc: denied { map } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=20229 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1 Bug: 222684359 Test: Build and push new SELinux policy. Verify that trace packets are received by Perfetto. Change-Id: I0180c6bccf8cb65f444b8fb687ab48422c211bac
2022-03-08 13:54:34 -08:00 · 2022-03-08 13:54:34 -08:00 · f648f3c989
commit f648f3c989
parent 37d4cfa648
1 changed files with 5 additions and 2 deletions
--- a/whitechapel/vendor/google/hal_camera_default.te
+++ b/whitechapel/vendor/google/hal_camera_default.te
@ -83,12 +83,15 @@ allow hal_camera_default apex_info_file:file r_file_perms;
 # Allow camera HAL to query current device clock frequencies.
 allow hal_camera_default sysfs_devfreq_cur:file r_file_perms;

-# allow camera HAL to read backlight of display
+# Allow camera HAL to read backlight of display
 allow hal_camera_default sysfs_leds:dir r_dir_perms;
 allow hal_camera_default sysfs_leds:file r_file_perms;

-# allow camera HAL to query interrupts and set interrupt affinity
+# Allow camera HAL to query interrupts and set interrupt affinity
 allow hal_camera_default proc_irq:dir r_dir_perms;
 allow hal_camera_default proc_irq:file rw_file_perms;
 allow hal_camera_default proc_interrupts:dir r_dir_perms;
 allow hal_camera_default proc_interrupts:file r_file_perms;
+
+# Allow camera HAL to send trace packets to Perfetto
+userdebug_or_eng(`perfetto_producer(hal_camera_default)')