Allow perfetto traced_probes to poll /proc/{meminfo,stat,vmstat,...}
This allows the trace producer daemon to snapshot counters at high frequency in the trace. As usual for Perfetto, this data is NOT made available to arbitrary apps but only to an extremely limited subset of processes governed by selinux rules (currently shell and statsd). Bug: 115956288 Change-Id: I7e1bfda4b568b9bac9012b198ecbb998da4f773d
This commit is contained in:
Primiano Tucci
parent
ca4217e211
commit
51dc7cb1d4
1 changed files with 9 additions and 0 deletions
|
|
@ -57,6 +57,15 @@ domain_auto_trans(traced_probes, atrace_exec, atrace);
|
|||
# scontext=u:r:atrace:s0 tcontext=u:r:traced_probes:s0 tclass=fd
|
||||
allow atrace traced_probes:fd use;
|
||||
|
||||
# Allow traced_probes to access /proc files for system stats.
|
||||
# Note: trace data is NOT exposed to anything other than shell and privileged
|
||||
# system apps that have access to the traced consumer socket.
|
||||
allow traced_probes {
|
||||
proc_meminfo
|
||||
proc_vmstat
|
||||
proc_stat
|
||||
}:file r_file_perms;
|
||||
|
||||
###
|
||||
### Neverallow rules
|
||||
###
|
||||
|
|
|
|||
Loading…
Reference in a new issue