From 7056027e719eb71f2cb66f0b908269aad2c4c4ac Mon Sep 17 00:00:00 2001
From: Dinesh Yadav <dkyadav@google.com>
Date: Wed, 11 Jan 2023 09:46:49 +0000
Subject: [PATCH] Add SEPolicy settings for android logging/tracing service for
 GXP

Test:
Checked that no "avc" violations were caused by gxp_logging after selinux has been enforced.

Bug: 264489388
Change-Id: I967b7b6d57c70804bed5c4ae94ff7b62ece23de3
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
---
 tracking_denials/gxp_logging.te | 4 ----
 vendor/gxp_logging.te           | 6 ++++++
 2 files changed, 6 insertions(+), 4 deletions(-)
 delete mode 100644 tracking_denials/gxp_logging.te

diff --git a/tracking_denials/gxp_logging.te b/tracking_denials/gxp_logging.te
deleted file mode 100644
index 082c0591..00000000
--- a/tracking_denials/gxp_logging.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# b/264489388
-userdebug_or_eng(`
-  permissive gxp_logging;
-')
\ No newline at end of file
diff --git a/vendor/gxp_logging.te b/vendor/gxp_logging.te
index 1abe6870..000138a6 100644
--- a/vendor/gxp_logging.te
+++ b/vendor/gxp_logging.te
@@ -2,3 +2,9 @@ type gxp_logging, domain;
 type gxp_logging_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(gxp_logging)
 
+# The logging service accesses /dev/gxp
+allow gxp_logging gxp_device:chr_file rw_file_perms;
+
+# Allow gxp tracing service to send packets to Perfetto
+userdebug_or_eng(`perfetto_producer(gxp_logging)')
+