1a9f4f7a7a
Instead of having statsd linking the perfetto client library and talk directly to its socket, we let just statsd exec() the /system/bin/perfetto cmdline client. There are two reasons for this: 1) Simplify the interaction between statsd and perfetto, reduce dependencies, binary size bloat and isolate faults. 2) The cmdline client also takes care of handing the trace to Dropbox. This allows to expose the binder interaction surface to the short-lived cmdline client and avoid to grant binder access to the perfetto traced daemon. This cmdline client will be used by: - statsd - the shell user (for our UI and Studio) Bug: 70942310 Change-Id: I8cdde181481ad0a1a5cae5937ac446cedac54a1f
60 lines
2.2 KiB
Text
60 lines
2.2 KiB
Text
# Perfetto command-line client. Can be used only from the domains that are
|
|
# explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto).
|
|
# This command line client accesses the privileged socket of the traced
|
|
# daemon.
|
|
|
|
type perfetto, domain, coredomain;
|
|
type perfetto_exec, exec_type, file_type;
|
|
|
|
tmpfs_domain(perfetto);
|
|
|
|
# Allow to access traced's privileged consumer socket.
|
|
unix_socket_connect(perfetto, traced_consumer, traced)
|
|
|
|
# Allow to write and unlink traces into /data/misc/perfetto-traces.
|
|
allow perfetto perfetto_traces_data_file:dir rw_dir_perms;
|
|
allow perfetto perfetto_traces_data_file:file create_file_perms;
|
|
|
|
# Allow to access binder to pass the traces to Dropbox.
|
|
binder_use(perfetto)
|
|
binder_call(perfetto, system_server)
|
|
allow perfetto dropbox_service:service_manager find;
|
|
|
|
# Allow statsd and shell to pipe the trace config to perfetto on stdin and to
|
|
# print out on stdout/stderr.
|
|
allow perfetto statsd:fd use;
|
|
allow perfetto statsd:fifo_file { getattr read write };
|
|
allow perfetto shell:fd use;
|
|
allow perfetto shell:fifo_file { getattr read write };
|
|
|
|
# Allow to communicate use, read and write over the adb connection.
|
|
allow perfetto adbd:fd use;
|
|
allow perfetto adbd:unix_stream_socket { read write };
|
|
|
|
# allow adbd to reap perfetto
|
|
allow perfetto adbd:process { sigchld };
|
|
|
|
# Allow to access /dev/pts when launched in an adb shell.
|
|
allow perfetto devpts:chr_file rw_file_perms;
|
|
|
|
###
|
|
### Neverallow rules
|
|
###
|
|
### perfetto should NEVER do any of this
|
|
|
|
# Disallow mapping executable memory (execstack and exec are already disallowed
|
|
# globally in domain.te).
|
|
neverallow perfetto self:process execmem;
|
|
|
|
# Block device access.
|
|
neverallow perfetto dev_type:blk_file { read write };
|
|
|
|
# ptrace any other process
|
|
neverallow perfetto domain:process ptrace;
|
|
|
|
# Disallows access to other /data files.
|
|
neverallow perfetto { data_file_type -system_data_file -zoneinfo_data_file -perfetto_traces_data_file }:dir *;
|
|
neverallow perfetto { system_data_file -perfetto_traces_data_file }:dir ~{ getattr search };
|
|
neverallow perfetto zoneinfo_data_file:dir ~r_dir_perms;
|
|
neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:lnk_file *;
|
|
neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:file ~write;
|