From b56a49d979c228400abaae849e9df95d0c834f51 Mon Sep 17 00:00:00 2001 From: Hector Dearman Date: Wed, 4 Sep 2019 14:46:36 +0100 Subject: [PATCH] Allow adb forward to traced consumer socket Currently shell can connect to the traced_consumer_socket allowing it to configure/start/stop and collect traces. This allows a host tool (e.g. Android Studio or https://ui.perfetto.dev) to connect to the device via adb and collect traces. It would be better if rather than executing shell commands the host tool could directly communicate with the consumer socket. This is possible using adb forward: adb forward tcp:9903 localfilesystem:/dev/socket/traced_consumer However in this case adbd is connecting to the socket - not shell. This CL allows adbd to connect to the socket which allows host tools to collect traces without having to do everything though shell commands. Denial: 08-30 11:28:05.809 10254 10254 W adbd : type=1400 audit(0.0:1129): avc: denied { write } for name="traced_consumer" dev="tmpfs" ino=6719 scontext=u:r:adbd:s0 tcontext=u:object_r:traced_consumer_socket:s0 tclass=sock_file permissive=0 Test: Cherry pick CL to master, make, flash adb logcat | grep denied adb forward tcp:9903 localfilesystem:/dev/socket/traced_consumer Bug: b/139536756 Change-Id: Ie08e687c0b06d0e1121009e8cd70319a8f907ae2 --- private/adbd.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/private/adbd.te b/private/adbd.te index 2fa4af637..ec5c57eee 100644 --- a/private/adbd.te +++ b/private/adbd.te @@ -23,6 +23,10 @@ recovery_only(` unix_socket_connect(adbd, recovery, recovery) ') +# Control Perfetto traced and obtain traces from it. +# Needed to allow port forwarding directly to traced. +unix_socket_connect(adbd, traced_consumer, traced) + # Do not sanitize the environment or open fds of the shell. Allow signaling # created processes. allow adbd shell:process { noatsecure signal };