Allow heapprofd central mode on user builds.

This simplifies operation by removing a special case for user builds.

Test: atest CtsPerfettoTestCases on user
Test: atest CtsPerfettoTestCases on userdebug
Test: atest perfetto_integrationtests on userdebug
Bug: 153139002
Change-Id: Ibbf3dd5e4f75c2a02d931f73b96fabb8157e0ebf
This commit is contained in:
Florian Mayer 2021-01-11 17:17:30 +00:00
parent bd15e9ac63
commit a8a3d8b1bf
5 changed files with 16 additions and 55 deletions

View file

@ -49,7 +49,7 @@ full_treble_only(`
-idmap
-init
-installd
userdebug_or_eng(`-heapprofd')
-heapprofd
-postinstall_dexopt
-rs # spawned by appdomain, so carryover the exception above
-system_server
@ -66,7 +66,7 @@ full_treble_only(`
-idmap
-init
-installd
userdebug_or_eng(`-heapprofd')
-heapprofd
userdebug_or_eng(`-profcollectd')
-postinstall_dexopt
-rs # spawned by appdomain, so carryover the exception above
@ -93,7 +93,7 @@ full_treble_only(`
-app_zygote
-webview_zygote
-zygote
userdebug_or_eng(`-heapprofd')
-heapprofd
} vendor_overlay_file:dir { getattr open read search };
')
@ -113,7 +113,7 @@ full_treble_only(`
-app_zygote
-webview_zygote
-zygote
userdebug_or_eng(`-heapprofd')
-heapprofd
userdebug_or_eng(`-profcollectd')
} vendor_overlay_file:file open;
')

View file

@ -11,7 +11,7 @@ allow domain crash_dump:process sigchld;
# necessary SELinux permissions.
get_prop(domain, heapprofd_prop);
# Allow heap profiling on debug builds.
userdebug_or_eng(`can_profile_heap_central({
userdebug_or_eng(`can_profile_heap({
domain
-bpfloader
-init
@ -307,7 +307,7 @@ neverallow ~{
iorap_prefetcherd
traced_perf
traced_probes
userdebug_or_eng(`heapprofd')
heapprofd
} self:global_capability_class_set dac_read_search;
# Limit what domains can mount filesystems or change their mount flags.
@ -414,7 +414,7 @@ full_treble_only(`
-iorap_inode2filename
-iorap_prefetcherd
-kernel # loads /vendor/firmware
userdebug_or_eng(`-heapprofd')
-heapprofd
userdebug_or_eng(`-profcollectd')
-shell
-system_executes_vendor_violators

View file

@ -39,19 +39,14 @@ perfetto_producer(heapprofd)
# When handling profiling for all processes, heapprofd needs to read
# executables/libraries/etc to do stack unwinding.
userdebug_or_eng(`
r_dir_file(heapprofd, nativetest_data_file)
r_dir_file(heapprofd, system_file_type)
r_dir_file(heapprofd, apk_data_file)
r_dir_file(heapprofd, dalvikcache_data_file)
r_dir_file(heapprofd, vendor_file_type)
r_dir_file(heapprofd, shell_data_file)
# Some dex files are not world-readable.
# We are still constrained by the SELinux rules above.
allow heapprofd self:global_capability_class_set dac_read_search;
allow heapprofd proc_kpageflags:file r_file_perms;
')
r_dir_file(heapprofd, nativetest_data_file)
r_dir_file(heapprofd, system_file_type)
r_dir_file(heapprofd, apk_data_file)
r_dir_file(heapprofd, dalvikcache_data_file)
r_dir_file(heapprofd, vendor_file_type)
# Some dex files are not world-readable.
# We are still constrained by the SELinux rules above.
allow heapprofd self:global_capability_class_set dac_read_search;
# For checking profileability.
allow heapprofd packages_list_file:file r_file_perms;

View file

@ -1204,7 +1204,6 @@ neverallow {
domain
-shell
userdebug_or_eng(`-uncrypt')
userdebug_or_eng(`-heapprofd')
-installd
} shell_data_file:lnk_file read;
@ -1233,7 +1232,6 @@ neverallow {
-simpleperf_app_runner
-system_server # why?
userdebug_or_eng(`-uncrypt')
userdebug_or_eng(`-heapprofd')
} shell_data_file:dir { open search };
# Same as above for /data/local/tmp files. We allow shell files
@ -1245,7 +1243,6 @@ neverallow {
-dumpstate
-installd
userdebug_or_eng(`-uncrypt')
userdebug_or_eng(`-heapprofd')
} shell_data_file:file open;
# servicemanager and vndservicemanager are the only processes which handle the

View file

@ -693,40 +693,9 @@ define(`hal_attribute_service', `
###################################
# can_profile_heap(domain)
# Allow processes within the domain to have their heap profiled by heapprofd.
#
# Note that profiling is performed differently between debug and user builds.
# There are two modes for profiling:
# * forked
# * central.
# On user builds, the default is to allow only forked mode. If it is desired
# to allow central mode as well for a domain, use can_profile_heap_central.
# On userdebug, this macro allows both forked and central.
define(`can_profile_heap', `
# Allow central daemon to send signal for client initialization.
allow heapprofd $1:process signal;
# Allow executing a private heapprofd process to handle profiling on
# user builds (also debug builds for testing & development purposes).
allow $1 heapprofd_exec:file rx_file_perms;
# Allow directory & file read to the central heapprofd daemon, as it scans
# /proc/[pid]/cmdline for by-process-name profiling configs.
# Note that this excludes /proc/[pid]/mem, as it requires ptrace capabilities.
allow heapprofd $1:file r_file_perms;
allow heapprofd $1:dir r_dir_perms;
# Profilability on user implies profilability on userdebug and eng.
userdebug_or_eng(`
can_profile_heap_central($1)
')
')
###################################
# can_profile_heap_central(domain)
# Allow processes within the domain to have their heap profiled by central
# heapprofd.
define(`can_profile_heap_central', `
define(`can_profile_heap', `
# Allow central daemon to send signal for client initialization.
allow heapprofd $1:process signal;
# Allow connecting to the daemon.