From 3696a20b11c26e486ace235d4accf0c70e2281ff Mon Sep 17 00:00:00 2001
From: Yabin Cui
Date: Wed, 27 Oct 2021 11:05:01 -0700
Subject: [PATCH] Revert "Revert "allow simpleperf to profile more app types.""

This reverts commit dd2079d7f07c4023506f8255313f46be9b677a8e.

Bug: 199086135
Test: run simpleperf to record systemui.
Change-Id: Ibc6017d53a9835a2f8ff5409c825c0d70ef23e25
---
 private/simpleperf.te | 20 +++++++++++++++++---
 private/simpleperf_app_runner.te | 2 +-
 private/untrusted_app_all.te | 5 -----
 3 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/private/simpleperf.te b/private/simpleperf.te
index 0639c1136..9c700600e 100644
--- a/private/simpleperf.te
+++ b/private/simpleperf.te
@@ -5,7 +5,16 @@ typeattribute simpleperf coredomain;
 
 type simpleperf_exec, system_file_type, exec_type, file_type;
 
-domain_auto_trans({ untrusted_app_all -runas_app }, simpleperf_exec, simpleperf)
+# Define apps that can be marked debuggable/profileable and be profiled by simpleperf.
+define(`simpleperf_profileable_apps', `{
+ ephemeral_app
+ isolated_app
+ platform_app
+ priv_app
+ untrusted_app_all
+}')
+
+domain_auto_trans({ simpleperf_profileable_apps -runas_app }, simpleperf_exec, simpleperf)
 
 # When running in this domain, simpleperf is scoped to profiling an individual
 # app. The necessary MAC permissions for profiling are more maintainable and
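Review bot: The comment above the new `simpleperf_profileable_apps` define says these apps "can be marked debuggable/profileable", but nothing in this hunk checks those manifest flags — the `domain_auto_trans` into `simpleperf` is type-wide, so every process in `isolated_app`, `ephemeral_app`, `platform_app`, `priv_app` and `untrusted_app_all` gets the `simpleperf_exec` transition regardless of how the app is built, and the flag check presumably lives in `simpleperf_app_runner` userspace, which is not visible here. I would make that explicit under the existing line: `# This list is type-wide; the debuggable/profileable check itself is not enforced by this policy but by simpleperf_app_runner before the transition.` Adding `isolated_app` in particular deserves a one-line justification in the comment, since the hunk gives no reason why a sandboxed isolated service should be able to spawn the profiler, and the define is the place future readers will look for it.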
@@ -16,14 +25,19 @@ untrusted_app_domain(simpleperf)
 
 # Allow ptrace attach to the target app, for reading JIT debug info (using
 # process_vm_readv) during unwinding and symbolization.
-allow simpleperf untrusted_app_all:process ptrace;
+allow simpleperf simpleperf_profileable_apps:process ptrace;
 
 # Allow using perf_event_open syscall for profiling the target app.
 allow simpleperf self:perf_event { open read write kernel };
 
 # Allow /proc/ access for the target app (for example, when trying to
 # discover it by cmdline).
-r_dir_file(simpleperf, untrusted_app_all)
+r_dir_file(simpleperf, simpleperf_profileable_apps)
+
+# Allow apps signalling simpleperf domain, which is the domain that the simpleperf
+# profiler runs as when executed by the app. The signals are used to control
+# the profiler (which would be profiling the app that is sending the signal).
+allow simpleperf_profileable_apps simpleperf:process signal;
 
 # Suppress denial logspam when simpleperf is trying to find a matching process
 # by scanning /proc//cmdline files. The /proc/ directories are within
diff --git a/private/simpleperf_app_runner.te b/private/simpleperf_app_runner.te
index 17fd8cdc2..184a80a05 100644
--- a/private/simpleperf_app_runner.te
+++ b/private/simpleperf_app_runner.te
@@ -21,7 +21,7 @@ allow simpleperf_app_runner self:global_capability_class_set { setuid setgid };
 # simpleperf_app_runner switches to the app security context.
 selinux_check_context(simpleperf_app_runner) # validate context
 allow simpleperf_app_runner self:process setcurrent;
-allow simpleperf_app_runner untrusted_app_all:process dyntransition; # setcon
+allow simpleperf_app_runner { ephemeral_app isolated_app platform_app priv_app untrusted_app_all }:process dyntransition; # setcon
 
 # simpleperf_app_runner/libselinux needs access to seapp_contexts_file to
 # determine which domain to transition to.
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index d6f237c36..ceee544f4 100644
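Review bot: `allow simpleperf_profileable_apps simpleperf:process signal;` lets any process in any of the five app domains signal any process in the `simpleperf` domain, not only the profiler it launched, and the widened `ptrace` and `r_dir_file` rules above it have the same type-wide shape; SELinux cannot bind a profiler instance to the app that spawned it, so the per-app scoping the new comment describes ("the app that is sending the signal") has to come from DAC, presumably the profiler running under the target app's UID, which this hunk does not show. The comment should state that rather than imply the policy does it: `# Note: this is type-wide (any profileable app -> any simpleperf process); per-app scoping relies on DAC/UID, not on this rule.` With `isolated_app` now in the set, the same caveat belongs on the `ptrace` rule, which at the MAC level now permits any simpleperf process to attach to any isolated service, so a reader should know what is expected to stop that in practice.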
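Review bot: The `dyntransition` target set in simpleperf_app_runner.te is spelled out by hand as `{ ephemeral_app isolated_app platform_app priv_app untrusted_app_all }` instead of reusing `simpleperf_profileable_apps`, so the two lists can drift: a domain added to the macro but not here leaves the runner unable to `setcon` into it, while a domain added here but not to the macro lets the runner enter a domain whose processes simpleperf is not allowed to ptrace or read. If the m4 define is visible at this point of the concatenated policy (it lives in simpleperf.te, so that depends on file ordering I cannot verify from the diff), use the macro directly; otherwise add `# Keep in sync with simpleperf_profileable_apps in simpleperf.te.` above the rule. The `# setcon` trailer now sits at the end of a very long line; moving it onto the comment line above keeps it readable.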
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -171,11 +171,6 @@ userdebug_or_eng(`
 allow untrusted_app_all self:lockdown integrity;
 ')
 
-# Allow signalling simpleperf domain, which is the domain that the simpleperf
-# profiler runs as when executed by the app. The signals are used to control
-# the profiler (which would be profiling the app that is sending the signal).
-allow untrusted_app_all simpleperf:process signal;
-
 # Allow running a VM for test/demo purposes. Note that access the service is
 # still guarded with the `android.permission.MANAGE_VIRTUAL_MACHINE`
 # permission. The protection level of the permission is `signature|development`