diff --git a/apex/com.android.art-file_contexts b/apex/com.android.art-file_contexts index 83d081ac9..ada6c3b3b 100644 --- a/apex/com.android.art-file_contexts +++ b/apex/com.android.art-file_contexts @@ -9,5 +9,4 @@ /bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0 /bin/odrefresh u:object_r:odrefresh_exec:s0 /bin/profman u:object_r:profman_exec:s0 -/bin/oatdump u:object_r:oatdump_exec:s0 /lib(64)?(/.*)? u:object_r:system_lib_file:s0 diff --git a/contexts/plat_file_contexts_test b/contexts/plat_file_contexts_test index e003d65b1..54dc1f325 100644 --- a/contexts/plat_file_contexts_test +++ b/contexts/plat_file_contexts_test @@ -1269,5 +1269,3 @@ /product/bin/otapreopt_script postinstall_exec /system/bin/otapreopt postinstall_dexopt_exec /product/bin/otapreopt postinstall_dexopt_exec -/data/misc/uprobestats-configs uprobestats_configs_data_file -/data/misc/uprobestats-configs/test uprobestats_configs_data_file diff --git a/private/file.te b/private/file.te index de2581d3c..f4c3e2dd4 100644 --- a/private/file.te +++ b/private/file.te @@ -28,12 +28,6 @@ type perfetto_traces_bugreport_data_file, file_type, data_file_type, core_data_f # /data/misc/perfetto-configs for perfetto configs type perfetto_configs_data_file, file_type, data_file_type, core_data_file_type; -# /data/misc/uprobestats-configs for uprobestats configs -type uprobestats_configs_data_file, file_type, data_file_type, core_data_file_type; - -# /apex/com.android.art/bin/oatdump -type oatdump_exec, system_file_type, exec_type, file_type; - # /data/misc_{ce/de}//sdksandbox root data directory for sdk sandbox processes type sdk_sandbox_system_data_file, file_type, data_file_type, core_data_file_type; # /data/misc_{ce/de}//sdksandbox//* subdirectory for sdk sandbox processes diff --git a/private/file_contexts b/private/file_contexts index 1fdeb14d9..3cfbaf0ee 100644 --- a/private/file_contexts +++ b/private/file_contexts @@ -663,7 +663,6 @@ /data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0 /data/misc/perfetto-traces/bugreport(.*)? u:object_r:perfetto_traces_bugreport_data_file:s0 /data/misc/perfetto-configs(/.*)? u:object_r:perfetto_configs_data_file:s0 -/data/misc/uprobestats-configs(/.*)? u:object_r:uprobestats_configs_data_file:s0 /data/misc/prereboot(/.*)? u:object_r:prereboot_data_file:s0 /data/misc/profcollectd(/.*)? u:object_r:profcollectd_data_file:s0 /data/misc/radio(/.*)? u:object_r:radio_core_data_file:s0 diff --git a/private/property.te b/private/property.te index 20a93751f..ff0b693b6 100644 --- a/private/property.te +++ b/private/property.te @@ -45,7 +45,6 @@ system_internal_prop(snapuserd_prop) system_internal_prop(system_adbd_prop) system_internal_prop(timezone_metadata_prop) system_internal_prop(traced_perf_enabled_prop) -system_internal_prop(uprobestats_start_with_config_prop) system_internal_prop(tuner_server_ctl_prop) system_internal_prop(userspace_reboot_log_prop) system_internal_prop(userspace_reboot_test_prop) diff --git a/private/property_contexts b/private/property_contexts index 11fa4adc9..4166c5509 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -87,7 +87,6 @@ persist.traced.enable u:object_r:traced_enabled_prop:s0 traced.lazy. u:object_r:traced_lazy_prop:s0 persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0 persist.traced_perf.enable u:object_r:traced_perf_enabled_prop:s0 -uprobestats.start_with_config u:object_r:uprobestats_start_with_config_prop:s0 persist.vendor.debug.wifi. u:object_r:persist_vendor_debug_wifi_prop:s0 persist.vendor.overlay. u:object_r:overlay_prop:s0 ril.cdma.inecmmode u:object_r:radio_cdma_ecm_prop:s0 exact bool diff --git a/private/statsd.te b/private/statsd.te index 051b99ec8..59948fffb 100644 --- a/private/statsd.te +++ b/private/statsd.te @@ -28,10 +28,3 @@ binder_call(statsd, surfaceflinger); # Allow statsd to read its system properties get_prop(statsd, device_config_statsd_native_prop) get_prop(statsd, device_config_statsd_native_boot_prop) - -# Allow statsd to write uprobestats configs. -allow statsd uprobestats_configs_data_file:dir rw_dir_perms; -allow statsd uprobestats_configs_data_file:file create_file_perms; - -# Allow statsd to trigger uprobestats via property. -set_prop(statsd, uprobestats_start_with_config_prop); diff --git a/private/system_server.te b/private/system_server.te index 982e1f3bd..474a7b6dc 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -302,7 +302,6 @@ binder_call(system_server, virtual_camera) binder_call(system_server, vold) binder_call(system_server, logd) binder_call(system_server, wificond) -binder_call(system_server, uprobestats) binder_service(system_server) # Use HALs diff --git a/private/uprobestats.te b/private/uprobestats.te index 78595f6af..f2a4ae3bc 100644 --- a/private/uprobestats.te +++ b/private/uprobestats.te @@ -4,8 +4,8 @@ typeattribute uprobestats bpfdomain; type uprobestats_exec, system_file_type, exec_type, file_type; -# Allow init to start uprobestats. -init_daemon_domain(uprobestats) +# Allow uprobestats to be invoked by statsd. +domain_auto_trans(statsd, uprobestats_exec, uprobestats) allow uprobestats fs_bpf_uprobe_private:file { read write }; allow uprobestats fs_bpf_uprobe_private:dir search; @@ -14,24 +14,3 @@ allow uprobestats self:capability2 perfmon; allow uprobestats self:perf_event { cpu open write }; allow uprobestats sysfs_uprobe:file { open read }; allow uprobestats sysfs_uprobe:dir { search }; - -# Allow uprobestats to popen oatdump. -allow uprobestats oatdump_exec:file rx_file_perms; - -# Allow uprobestats to write atoms to statsd -unix_socket_send(uprobestats, statsdw, statsd) - -# For registration with system server as a process observer. -binder_use(uprobestats) -allow uprobestats activity_service:service_manager find; -binder_call(uprobestats, system_server); - -# Allow uprobestats to talk to native package manager -allow uprobestats package_native_service:service_manager find; - -# Allow uprobestats to scan /proc//cmdline. -r_dir_file(uprobestats, { domain -appdomain }) - -# Allow uprobestats to manage its own config files. -allow uprobestats uprobestats_configs_data_file:dir rw_dir_perms; -allow uprobestats uprobestats_configs_data_file:file { r_file_perms unlink };