tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
33479 commits 1 branch 0 tags 50 MiB
Commit graph

9 commits

Author SHA1 Message Date
Yabin Cui
bd4c9e8530 Add permissions in profcollectd to parse kernel etm data. 
To parse etm data for kernel and kernel modules, add below permissions
to profcollectd:
1. Get kernel start address and module addresses from /proc/kallsyms
and /proc/modules.
2. Get kernel build id from /sys/kernel/notes.
3. Read kernel module files in vendor dir.

Bug: 166559473
Test: run profcollectd.

Change-Id: I2e0b346379271fadc20e720722f7c9a687335ee2
 2021-04-08 16:03:59 -07:00
Yi Kong
9b65845b4a Allow profcollectd to store and read its application specific node ID in properties 
This node ID will be used to uniquely and anonymously identify a device
by profcollectd on engineering (userdebug or eng) builds.

Test: build
Change-Id: If01f71c62479d63d4d19aac15da24bc835621e66
 2021-03-22 19:40:03 +00:00
Yabin Cui
aa25b5e39f Make profcollectd mlstrustedsubject. 
Without being mlstrustedsubject, profcollectd can't read
/proc/<pid>/maps for app processes:

avc: denied " {" read" } for " scontext=u:r:profcollectd:s0
tcontext=u:r:platform_app:s0:c512,c768 tclass=file permissive=0

Bug: 166559473
Test: build and run profcollectd.

Change-Id: I2a20428694edbd87b1304c5f2221ddf699b8193a
 2021-03-09 18:51:23 -08:00
Yi Kong
fb621a4322 Allow profcollectd to search bootstrap bionic libs dir 
This is required in addition to reading files under the dir, so that
profcollectd can generate profiles for them.

Test: presubmit
Bug: 166559473
Change-Id: Ic46acab3cfc01c549e2f3ba5e765cb2c4ac8a197
 2021-03-02 12:39:44 +00:00
Yi Kong
262010754e Allow profcollectd to read bootstrap bionic libs 
... so that it can generate profiles for them.

Test: TreeHugger
Change-Id: I2c7b6d2c1d257852e25d6dbe8c5133c160635ea0
 2021-02-23 20:01:48 +00:00
Yi Kong
e9d2671e10 Allow profcollect to create/rmdir in its own data dir 
Test: boot
Bug: 79161490
Change-Id: Iee0ecd4193bddbbefc7b80ef2ef5f37266995283
 2021-02-18 17:20:21 +08:00
Yi Kong
0ac00727c3 Configs for profcollect system properties 
Test: build
Bug: 79161490
Change-Id: I83362b2089a54c4dcbf8da5a7720da8529ba1e34
 2020-10-27 03:46:31 +08:00
Yi Kong
4555123090 Policies for profcollectd 
Bug: 79161490
Test: run profcollect with enforcing
Change-Id: I19591dab7c5afb6ace066a3e2607cd290c0f43a6
 2020-09-08 12:29:47 +00:00
Yi Kong
239c85dd0d Add sepolicy for profcollectd 
This does not yet list all the required capabilities for profcollectd,
but it at least allows the service to start under permissive mode.

Bug: 79161490
Test: start profcollectd
Change-Id: I92c6192fa9b31840b2aba26f83a6dc9f9e835030
 2020-07-01 23:44:37 +08:00