Merge "Revert "Revert "allow simpleperf to profile more app types.""" am: d6ab03f8d0

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1872134

Change-Id: Ia88c1d7659791deb890d47380404c69c657079ff
This commit is contained in:
Yabin Cui 2021-10-29 16:49:11 +00:00 committed by Automerger Merge Worker
commit d67a8be8cd
3 changed files with 18 additions and 9 deletions

View file

@ -5,7 +5,16 @@
typeattribute simpleperf coredomain;
type simpleperf_exec, system_file_type, exec_type, file_type;
domain_auto_trans({ untrusted_app_all -runas_app }, simpleperf_exec, simpleperf)
# Define apps that can be marked debuggable/profileable and be profiled by simpleperf.
define(`simpleperf_profileable_apps', `{
ephemeral_app
isolated_app
platform_app
priv_app
untrusted_app_all
}')
domain_auto_trans({ simpleperf_profileable_apps -runas_app }, simpleperf_exec, simpleperf)
# When running in this domain, simpleperf is scoped to profiling an individual
# app. The necessary MAC permissions for profiling are more maintainable and
@ -16,14 +25,19 @@ untrusted_app_domain(simpleperf)
# Allow ptrace attach to the target app, for reading JIT debug info (using
# process_vm_readv) during unwinding and symbolization.
allow simpleperf untrusted_app_all:process ptrace;
allow simpleperf simpleperf_profileable_apps:process ptrace;
# Allow using perf_event_open syscall for profiling the target app.
allow simpleperf self:perf_event { open read write kernel };
# Allow /proc/<pid> access for the target app (for example, when trying to
# discover it by cmdline).
r_dir_file(simpleperf, untrusted_app_all)
r_dir_file(simpleperf, simpleperf_profileable_apps)
# Allow apps signalling simpleperf domain, which is the domain that the simpleperf
# profiler runs as when executed by the app. The signals are used to control
# the profiler (which would be profiling the app that is sending the signal).
allow simpleperf_profileable_apps simpleperf:process signal;
# Suppress denial logspam when simpleperf is trying to find a matching process
# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within

View file

@ -21,7 +21,7 @@ allow simpleperf_app_runner self:global_capability_class_set { setuid setgid };
# simpleperf_app_runner switches to the app security context.
selinux_check_context(simpleperf_app_runner) # validate context
allow simpleperf_app_runner self:process setcurrent;
allow simpleperf_app_runner untrusted_app_all:process dyntransition; # setcon
allow simpleperf_app_runner { ephemeral_app isolated_app platform_app priv_app untrusted_app_all }:process dyntransition; # setcon
# simpleperf_app_runner/libselinux needs access to seapp_contexts_file to
# determine which domain to transition to.

View file

@ -171,11 +171,6 @@ userdebug_or_eng(`
allow untrusted_app_all self:lockdown integrity;
')
# Allow signalling simpleperf domain, which is the domain that the simpleperf
# profiler runs as when executed by the app. The signals are used to control
# the profiler (which would be profiling the app that is sending the signal).
allow untrusted_app_all simpleperf:process signal;
# Allow running a VM for test/demo purposes. Note that access the service is
# still guarded with the `android.permission.MANAGE_VIRTUAL_MACHINE`
# permission. The protection level of the permission is `signature|development`