debug builds: allow perf profiling of most domains

As with heapprofd, it's useful to profile the platform itself on debug builds (compared to just apps on "user" builds). Bug: 137092007 Change-Id: I8630c20e0da9c67e4927496802a4cd9cacbeb81a
2020-01-22 20:00:13 +00:00 · 2020-01-22 20:00:13 +00:00 · 845569e2e5
commit 845569e2e5
parent 67a82481f8
4 changed files with 27 additions and 3 deletions
--- a/private/app_zygote.te
+++ b/private/app_zygote.te
@ -132,8 +132,9 @@ neverallow app_zygote domain:{
  alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
 } *;

-# Only allow app_zygote to talk to the logd socket, and su/heapprofd on eng/userdebug
-# This is because cap_setuid/cap_setgid allow to forge uid/gid in SCM_CREDENTIALS.
+# Only allow app_zygote to talk to the logd socket, and
+# su/heapprofd/traced_perf on eng/userdebug. This is because
+# cap_setuid/cap_setgid allow to forge uid/gid in SCM_CREDENTIALS.
 # Think twice before changing.
 neverallow app_zygote {
  domain
@ -142,6 +143,7 @@ neverallow app_zygote {
  -system_server
  userdebug_or_eng(`-su')
  userdebug_or_eng(`-heapprofd')
+  userdebug_or_eng(`-traced_perf')
 }:unix_dgram_socket *;

 neverallow app_zygote {
@ -149,6 +151,7 @@ neverallow app_zygote {
  -app_zygote
  userdebug_or_eng(`-su')
  userdebug_or_eng(`-heapprofd')
+  userdebug_or_eng(`-traced_perf')
 }:unix_stream_socket *;

 # Never allow ptrace
--- a/private/domain.te
+++ b/private/domain.te
@ -28,6 +28,25 @@ userdebug_or_eng(`can_profile_heap_userdebug_or_eng({
  -vold
 })')

+# As above, allow perf profiling most processes on debug builds.
+# Do not diverge the two lists without a really good reason.
+userdebug_or_eng(`can_profile_perf({
+  domain
+  -bpfloader
+  -init
+  -kernel
+  -keystore
+  -llkd
+  -logd
+  -logpersist
+  -recovery
+  -recovery_persist
+  -recovery_refresh
+  -ueventd
+  -vendor_init
+  -vold
+})')
+
 # Path resolution access in cgroups.
 allow domain cgroup:dir search;
 allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
--- a/public/domain.te
+++ b/public/domain.te
@ -728,7 +728,8 @@ full_treble_only(`
    userdebug_or_eng(`-su') # communications with su are permitted only on userdebug or eng builds
    -init
    -tombstoned # linker to tombstoned
-    userdebug_or_eng('-heapprofd`)
+    userdebug_or_eng(`-heapprofd')
+    userdebug_or_eng(`-traced_perf')
  });
 ')

--- a/public/hal_configstore.te
+++ b/public/hal_configstore.te
@ -34,6 +34,7 @@ neverallow hal_configstore_server {
  userdebug_or_eng(`-su')
  -tombstoned
  userdebug_or_eng(`-heapprofd')
+  userdebug_or_eng(`-traced_perf')
 }:{ unix_dgram_socket unix_stream_socket } *;

 # Should never need access to anything on /data