allow WifiService to use tracing on user builds
Previously, we'd restricted WifiService's use of the kernel's tracing feature to just userdebug_or_eng builds. This restriction was in place because the feature had not yet been reviewed from a privacy perspective. Now that the feature has passed privacy review, enable the feature on all builds. Note that other safeguards remain in place (on all builds): - The set of events to be monitored is configured by init, rather than WifiService (part of system_server). This privilege separation prevents a compromised system_server from tracing additional information. - The trace events are kept only in RAM, until/unless WifiService receives a dump request. (This would happen, for example, in the case of adb dumpsys, or generating a bugreport.) Bug: 35679234 Test: manual (see below) Manual test details: - flash device - connect device to a wifi network $ adb shell dumpsys wifi | grep rdev_connect [should see at least one matching line] Change-Id: I85070054857d75177d0bcdeb9b2c95bfd7e3b6bc
parent
ebbbe6dd36
commit
723364f136
2 changed files with 7 additions and 11 deletions
|
@ -629,11 +629,9 @@ allow system_server sysfs_leds:file rw_file_perms;
|
|||
allow system_server sysfs_leds:dir r_dir_perms;
|
||||
###
|
||||
|
||||
userdebug_or_eng(`
|
||||
# Allow WifiService to start, stop, and read wifi-specific trace events.
|
||||
allow system_server debugfs_tracing_instances:dir search;
|
||||
allow system_server debugfs_wifi_tracing:file rw_file_perms;
|
||||
')
|
||||
# Allow WifiService to start, stop, and read wifi-specific trace events.
|
||||
allow system_server debugfs_tracing_instances:dir search;
|
||||
allow system_server debugfs_wifi_tracing:file rw_file_perms;
|
||||
|
||||
###
|
||||
### Neverallow rules
|
||||
|
|
|
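Review bot: The privilege separation this change relies on is described only in the commit message and is not pinned in the policy. With the `userdebug_or_eng` guard gone, nothing in the visible rules stops a later change from letting system_server write the files that select the traced events. Those files presumably carry the `debugfs_tracing_instances` label (in the visible hunks only init gets `w_file_perms` on it; file_contexts is not shown), so a rule such as `neverallow system_server debugfs_tracing_instances:file no_w_file_perms;` in the Neverallow section that follows would make the guarantee build-enforced. It is also worth confirming that `debugfs_wifi_tracing` labels only the start/stop and trace-read files, since `rw_file_perms` on it now applies to user builds.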
@ -188,12 +188,10 @@ allow init dev_type:lnk_file create;
|
|||
# Disable tracing by writing to /sys/kernel/debug/tracing/tracing_on
|
||||
allow init tracing_shell_writable:file w_file_perms;
|
||||
|
||||
userdebug_or_eng(`
|
||||
# Setup and control wifi event tracing (see wifi-events.rc)
|
||||
allow init debugfs_tracing_instances:dir create_dir_perms;
|
||||
allow init debugfs_tracing_instances:file w_file_perms;
|
||||
allow init debugfs_wifi_tracing:file w_file_perms;
|
||||
')
|
||||
# Setup and control wifi event tracing (see wifi-events.rc)
|
||||
allow init debugfs_tracing_instances:dir create_dir_perms;
|
||||
allow init debugfs_tracing_instances:file w_file_perms;
|
||||
allow init debugfs_wifi_tracing:file w_file_perms;
|
||||
|
||||
# chown/chmod on pseudo files.
|
||||
allow init { fs_type -contextmount_type -sdcard_type -rootfs }:file { open read setattr };
|
||||
|
|
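Review bot: The comment above the now-unconditional init rules names wifi-events.rc but does not record why init, rather than system_server, holds these write permissions, and that reasoning is now a user-build security property. I would extend it, for example `# Setup and control wifi event tracing (see wifi-events.rc). init alone selects the traced events; do not grant these writes to system_server.` Separately, `create_dir_perms` on `debugfs_tracing_instances:dir` also covers `rmdir` and `rename`. If wifi-events.rc only creates the wifi instance directory (it is not visible here), a narrower permission set would be enough on user builds.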