tracefs: avoid overly generic regexes
On boot, Android runs restorecon on a number of virtual directories, such as /sys and /sys/kernel/debug, to ensure that the SELinux labels are correct. To avoid causing excessive boot time delays, the restorecon code aggressively prunes directories, to avoid recursing down directory trees which will never have a matching SELinux label. See: * https://android-review.googlesource.com/93401 * https://android-review.googlesource.com/109103 The key to this optimization is avoiding unnecessarily broad regular expressions in file_contexts. If an overly broad regex exists, the tree pruning code is ineffective, and the restorecon ends up visiting lots of unnecessary directories. The directory /sys/kernel/debug/tracing contains approximately 4500 files normally, and on debuggable builds, this number can jump to over 9000 files when the processing from wifi-events.rc occurs. For comparison, the entire /sys/kernel/debug tree (excluding /sys/kernel/debug/tracing) only contains approximately 8000 files. The regular expression "/sys/kernel(/debug)?/tracing/(.*)?" ends up matching a significant number of files, which impacts boot performance. Instead of using an overly broad regex, refine the regex so only the files needed have an entry in file_contexts. This list of files is essentially a duplicate of the entries in frameworks/native/cmds/atrace/atrace.rc . This change reduces the restorecon_recursive call for /sys/kernel/debug from approximately 260ms to 40ms, a boot time reduction of approximately 220ms. Bug: 35248779 Test: device boots, no SELinux denials, faster boot. Change-Id: I70f8af102762ec0180546b05fcf014c097135f3e
This commit is contained in:
Nick Kralevich
parent
6ebcfe478d
commit
4cae28d43c
4 changed files with 37 additions and 8 deletions
|
|
@ -445,12 +445,39 @@
|
|||
# debugfs files
|
||||
#
|
||||
/sys/kernel/debug/mmc0(/.*)? u:object_r:debugfs_mmc:s0
|
||||
/sys/kernel(/debug)?/tracing/(.*)? u:object_r:debugfs_tracing:s0
|
||||
/sys/kernel(/debug)?/tracing/trace_marker u:object_r:debugfs_trace_marker:s0
|
||||
/sys/kernel(/debug)?/tracing/instances(/.*)? u:object_r:debugfs_tracing_instances:s0
|
||||
/sys/kernel(/debug)?/tracing/instances/wifi/free_buffer u:object_r:debugfs_wifi_tracing:s0
|
||||
/sys/kernel(/debug)?/tracing/instances/wifi/trace u:object_r:debugfs_wifi_tracing:s0
|
||||
/sys/kernel(/debug)?/tracing/instances/wifi/tracing_on u:object_r:debugfs_wifi_tracing:s0
|
||||
|
||||
#############################
|
||||
# tracefs files
|
||||
#
|
||||
/sys/kernel(/debug)?/tracing/buffer_size_kb u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/binder/binder_locked/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/binder/binder_lock/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/binder/binder_transaction/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/binder/binder_transaction_received/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/binder/binder_unlock/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/cpufreq_interactive/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/power/clock_set_rate/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/power/cpu_frequency/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/power/cpu_frequency_limits/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/power/cpu_idle/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/sched/sched_blocked_reason/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/sched/sched_cpu_hotplug/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/sched/sched_switch/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/sched/sched_wakeup/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/vmscan/mm_vmscan_direct_reclaim_end/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/vmscan/mm_vmscan_kswapd_sleep/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/events/vmscan/mm_vmscan_kswapd_wake/enable u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/instances(/.*)? u:object_r:debugfs_tracing_instances:s0
|
||||
/sys/kernel(/debug)?/tracing/instances/wifi/free_buffer u:object_r:debugfs_wifi_tracing:s0
|
||||
/sys/kernel(/debug)?/tracing/instances/wifi/trace u:object_r:debugfs_wifi_tracing:s0
|
||||
/sys/kernel(/debug)?/tracing/instances/wifi/tracing_on u:object_r:debugfs_wifi_tracing:s0
|
||||
/sys/kernel(/debug)?/tracing/options/overwrite u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/options/print-tgid u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/trace u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/trace_clock u:object_r:tracing_shell_writable:s0
|
||||
/sys/kernel(/debug)?/tracing/trace_marker u:object_r:debugfs_trace_marker:s0
|
||||
/sys/kernel(/debug)?/tracing/tracing_on u:object_r:tracing_shell_writable:s0
|
||||
|
||||
#############################
|
||||
# asec containers
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
# systrace support - allow atrace to run
|
||||
allow shell debugfs_tracing:dir r_dir_perms;
|
||||
allow shell debugfs_tracing:file rw_file_perms;
|
||||
allow shell debugfs_tracing:file r_file_perms;
|
||||
allow shell tracing_shell_writable:file rw_file_perms;
|
||||
allow shell debugfs_trace_marker:file getattr;
|
||||
allow shell atrace_exec:file rx_file_perms;
|
||||
|
||||
|
|
|
|||
|
|
@ -65,6 +65,7 @@ type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
|
|||
type debugfs_tracing, fs_type, debugfs_type;
|
||||
type debugfs_tracing_instances, fs_type, debugfs_type;
|
||||
type debugfs_wifi_tracing, fs_type, debugfs_type;
|
||||
type tracing_shell_writable, fs_type, debugfs_type;
|
||||
type pstorefs, fs_type;
|
||||
type functionfs, fs_type, mlstrustedobject;
|
||||
type oemfs, fs_type, contextmount_type;
|
||||
|
|
|
|||
|
|
@ -184,7 +184,7 @@ allow init dev_type:dir create_dir_perms;
|
|||
allow init dev_type:lnk_file create;
|
||||
|
||||
# Disable tracing by writing to /sys/kernel/debug/tracing/tracing_on
|
||||
allow init debugfs_tracing:file w_file_perms;
|
||||
allow init tracing_shell_writable:file w_file_perms;
|
||||
|
||||
userdebug_or_eng(`
|
||||
# Setup and control wifi event tracing (see wifi-events.rc)
|
||||
|
|
|
|||
Loading…
Reference in a new issue