userdebug: support perfetto traces as a section in incident reports

This set of patches adds a way for the perfetto command line client to save a trace to a hardcoded location, /data/misc/perfetto-traces/incident-trace, and call into incidentd to start a report, which will include said trace in a new section. This is not a long-term solution, and is structured to minimize changes to perfetto and incidentd. The latter is currently architected in a way where it can only pull pre-defined information out of the system, so we're resorting to persisting the intermediate results in a hardcoded location. This will introduce at most two more linked files at the same time. Bug: 130543265 Bug: 134706389 Tested: manually on blueline-userdebug Change-Id: I2aa27e25f0209b3a5cdf5d550d0312693932b808
2019-05-29 17:50:44 +01:00 · 2019-05-29 17:50:44 +01:00 · ce3a33ff18
commit ce3a33ff18
parent 848075e330
2 changed files with 18 additions and 2 deletions
--- a/private/incidentd.te
+++ b/private/incidentd.te
@ -49,6 +49,13 @@ userdebug_or_eng(`allow incidentd pstorefs:file r_file_perms');
 allow incidentd stats_service:service_manager find;
 binder_call(incidentd, statsd)

+# section id 3026, allow reading /data/misc/perfetto-traces.
+# TODO(b/134706389): remove when no longer used.
+userdebug_or_eng(`
+  allow incidentd perfetto_traces_data_file:dir r_dir_perms;
+  allow incidentd perfetto_traces_data_file:file r_file_perms;
+');
+
 # Create and write into /data/misc/incidents
 allow incidentd incident_data_file:dir rw_dir_perms;
 allow incidentd incident_data_file:file create_file_perms;
@ -145,12 +152,14 @@ binder_call(incidentd, incident)
 ### neverallow rules
 ###

-# only dumpstate, system_server, system_app and incident command can find the incident service
+# only specific domains can find the incident service
+# TODO(b/134706389): remove "perfetto" when no longer used.
 neverallow {
  domain
  -dumpstate
  -incident
  -incidentd
+  userdebug_or_eng(`-perfetto')
  -priv_app
  -statsd
  -system_app
--- a/private/perfetto.te
+++ b/private/perfetto.te
@ -37,12 +37,19 @@ allow perfetto { statsd shell su }:fifo_file { getattr read write };
 allow perfetto adbd:fd use;
 allow perfetto adbd:unix_stream_socket { read write };

-# allow adbd to reap perfetto
+# Allow adbd to reap perfetto
 allow perfetto adbd:process { sigchld };

 # Allow to access /dev/pts when launched in an adb shell.
 allow perfetto devpts:chr_file rw_file_perms;

+# Allow perfetto to ask incidentd to start a report.
+# TODO(b/134706389): remove when no longer used.
+userdebug_or_eng(`
+  allow perfetto incident_service:service_manager find;
+  binder_call(perfetto, incidentd)
+');
+
 ###
 ### Neverallow rules
 ###