Merge changes Ia2defe72,Icef1ebdd
* changes: allow simpleperf to profile more app types. simpleperf_app_runner: move rules to private.
This commit is contained in:
Yabin Cui
Gerrit Code Review
commit
e43222e19b
4 changed files with 59 additions and 50 deletions
|
|
@ -5,7 +5,16 @@
|
|||
typeattribute simpleperf coredomain;
|
||||
type simpleperf_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
domain_auto_trans({ untrusted_app_all -runas_app }, simpleperf_exec, simpleperf)
|
||||
# Define apps that can be marked debuggable/profileable and be profiled by simpleperf.
|
||||
define(`simpleperf_profileable_apps', `{
|
||||
ephemeral_app
|
||||
isolated_app
|
||||
platform_app
|
||||
priv_app
|
||||
untrusted_app_all
|
||||
}')
|
||||
|
||||
domain_auto_trans({ simpleperf_profileable_apps -runas_app }, simpleperf_exec, simpleperf)
|
||||
|
||||
# When running in this domain, simpleperf is scoped to profiling an individual
|
||||
# app. The necessary MAC permissions for profiling are more maintainable and
|
||||
|
|
@ -16,14 +25,19 @@ untrusted_app_domain(simpleperf)
|
|||
|
||||
# Allow ptrace attach to the target app, for reading JIT debug info (using
|
||||
# process_vm_readv) during unwinding and symbolization.
|
||||
allow simpleperf untrusted_app_all:process ptrace;
|
||||
allow simpleperf simpleperf_profileable_apps:process ptrace;
|
||||
|
||||
# Allow using perf_event_open syscall for profiling the target app.
|
||||
allow simpleperf self:perf_event { open read write kernel };
|
||||
|
||||
# Allow /proc/<pid> access for the target app (for example, when trying to
|
||||
# discover it by cmdline).
|
||||
r_dir_file(simpleperf, untrusted_app_all)
|
||||
r_dir_file(simpleperf, simpleperf_profileable_apps)
|
||||
|
||||
# Allow apps signalling simpleperf domain, which is the domain that the simpleperf
|
||||
# profiler runs as when executed by the app. The signals are used to control
|
||||
# the profiler (which would be profiling the app that is sending the signal).
|
||||
allow simpleperf_profileable_apps simpleperf:process signal;
|
||||
|
||||
# Suppress denial logspam when simpleperf is trying to find a matching process
|
||||
# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within
|
||||
|
|
|
|||
|
|
@ -1,3 +1,45 @@
|
|||
typeattribute simpleperf_app_runner coredomain;
|
||||
|
||||
domain_auto_trans(shell, simpleperf_app_runner_exec, simpleperf_app_runner)
|
||||
|
||||
# run simpleperf_app_runner in adb shell.
|
||||
allow simpleperf_app_runner adbd:fd use;
|
||||
allow simpleperf_app_runner shell:fd use;
|
||||
allow simpleperf_app_runner devpts:chr_file { read write ioctl };
|
||||
|
||||
# simpleperf_app_runner reads package information.
|
||||
allow simpleperf_app_runner system_data_file:file r_file_perms;
|
||||
allow simpleperf_app_runner system_data_file:lnk_file getattr;
|
||||
allow simpleperf_app_runner packages_list_file:file r_file_perms;
|
||||
|
||||
# The app's data dir may be accessed through a symlink.
|
||||
allow simpleperf_app_runner system_data_file:lnk_file read;
|
||||
|
||||
# simpleperf_app_runner switches to the app UID/GID.
|
||||
allow simpleperf_app_runner self:global_capability_class_set { setuid setgid };
|
||||
|
||||
# simpleperf_app_runner switches to the app security context.
|
||||
selinux_check_context(simpleperf_app_runner) # validate context
|
||||
allow simpleperf_app_runner self:process setcurrent;
|
||||
allow simpleperf_app_runner { ephemeral_app isolated_app platform_app priv_app untrusted_app_all }:process dyntransition; # setcon
|
||||
|
||||
# simpleperf_app_runner/libselinux needs access to seapp_contexts_file to
|
||||
# determine which domain to transition to.
|
||||
allow simpleperf_app_runner seapp_contexts_file:file r_file_perms;
|
||||
|
||||
# simpleperf_app_runner passes pipe fds.
|
||||
# simpleperf_app_runner writes app type (debuggable or profileable) to pipe fds.
|
||||
allow simpleperf_app_runner shell:fifo_file { read write };
|
||||
|
||||
# simpleperf_app_runner checks shell data paths.
|
||||
# simpleperf_app_runner passes shell data fds.
|
||||
allow simpleperf_app_runner shell_data_file:dir { getattr search };
|
||||
allow simpleperf_app_runner shell_data_file:file { getattr write };
|
||||
|
||||
###
|
||||
### neverallow rules
|
||||
###
|
||||
|
||||
# simpleperf_app_runner cannot have capabilities other than CAP_SETUID and CAP_SETGID
|
||||
neverallow simpleperf_app_runner self:global_capability_class_set ~{ setuid setgid };
|
||||
neverallow simpleperf_app_runner self:global_capability2_class_set *;
|
||||
|
|
|
|||
|
|
@ -170,8 +170,3 @@ userdebug_or_eng(`
|
|||
# according to the heuristic of lockdown.
|
||||
allow untrusted_app_all self:lockdown integrity;
|
||||
')
|
||||
|
||||
# Allow signalling simpleperf domain, which is the domain that the simpleperf
|
||||
# profiler runs as when executed by the app. The signals are used to control
|
||||
# the profiler (which would be profiling the app that is sending the signal).
|
||||
allow untrusted_app_all simpleperf:process signal;
|
||||
|
|
|
|||
|
|
@ -1,44 +1,2 @@
|
|||
type simpleperf_app_runner, domain, mlstrustedsubject;
|
||||
type simpleperf_app_runner_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
# run simpleperf_app_runner in adb shell.
|
||||
allow simpleperf_app_runner adbd:fd use;
|
||||
allow simpleperf_app_runner shell:fd use;
|
||||
allow simpleperf_app_runner devpts:chr_file { read write ioctl };
|
||||
|
||||
# simpleperf_app_runner reads package information.
|
||||
allow simpleperf_app_runner system_data_file:file r_file_perms;
|
||||
allow simpleperf_app_runner system_data_file:lnk_file getattr;
|
||||
allow simpleperf_app_runner packages_list_file:file r_file_perms;
|
||||
|
||||
# The app's data dir may be accessed through a symlink.
|
||||
allow simpleperf_app_runner system_data_file:lnk_file read;
|
||||
|
||||
# simpleperf_app_runner switches to the app UID/GID.
|
||||
allow simpleperf_app_runner self:global_capability_class_set { setuid setgid };
|
||||
|
||||
# simpleperf_app_runner switches to the app security context.
|
||||
selinux_check_context(simpleperf_app_runner) # validate context
|
||||
allow simpleperf_app_runner self:process setcurrent;
|
||||
allow simpleperf_app_runner untrusted_app_all:process dyntransition; # setcon
|
||||
|
||||
# simpleperf_app_runner/libselinux needs access to seapp_contexts_file to
|
||||
# determine which domain to transition to.
|
||||
allow simpleperf_app_runner seapp_contexts_file:file r_file_perms;
|
||||
|
||||
# simpleperf_app_runner passes pipe fds.
|
||||
# simpleperf_app_runner writes app type (debuggable or profileable) to pipe fds.
|
||||
allow simpleperf_app_runner shell:fifo_file { read write };
|
||||
|
||||
# simpleperf_app_runner checks shell data paths.
|
||||
# simpleperf_app_runner passes shell data fds.
|
||||
allow simpleperf_app_runner shell_data_file:dir { getattr search };
|
||||
allow simpleperf_app_runner shell_data_file:file { getattr write };
|
||||
|
||||
###
|
||||
### neverallow rules
|
||||
###
|
||||
|
||||
# simpleperf_app_runner cannot have capabilities other than CAP_SETUID and CAP_SETGID
|
||||
neverallow simpleperf_app_runner self:global_capability_class_set ~{ setuid setgid };
|
||||
neverallow simpleperf_app_runner self:global_capability2_class_set *;
|
||||
|
|
|
|||
Loading…
Reference in a new issue