c80f9e037b
Perfetto is a performance instrumentation and logging framework,
living in AOSP's /external/pefetto.
Perfetto introduces in the system one binary and two daemons
(the binary can specialize in either depending on the cmdline).
1) traced: unprivileged daemon. This is architecturally similar to logd.
It exposes two UNIX sockets:
- /dev/socket/traced_producer : world-accessible, allows to stream
tracing data. A tmpfs file descriptor is sent via SCM_RIGHTS
from traced to each client process, which needs to be able to
mmap it R/W (but not X)
- /dev/socket/traced_consumer : privilege-accessible (only from:
shell, statsd). It allows to configure tracing and read the trace
buffer.
2) traced_probes: privileged daemon. This needs to:
- access tracingfs (/d/tracing) to turn tracing on and off.
- exec atrace
- connect to traced_producer to stream data to traced.
init.rc file:
https://android-review.googlesource.com/c/platform/external/perfetto/+/575382/14/perfetto.rc
Bug: 70942310
Change-Id: Ia3b5fdacbd5a8e6e23b82f1d6fabfa07e4abc405
38 lines
1.4 KiB
Text
38 lines
1.4 KiB
Text
# Perfetto user-space tracing daemon (unprivileged)
|
|
type traced, domain, coredomain;
|
|
type traced_exec, exec_type, file_type;
|
|
|
|
# Allow init to exec the daemon.
|
|
init_daemon_domain(traced)
|
|
|
|
# Allow traced to start with a lower scheduling class and change
|
|
# class accordingly to what defined in the config provided by
|
|
# the privileged process that controls it.
|
|
allow traced self:global_capability_class_set { sys_nice };
|
|
|
|
###
|
|
### Neverallow rules
|
|
###
|
|
### traced should NEVER do any of this
|
|
|
|
# Disallow mapping executable memory (execstack and exec are already disallowed
|
|
# globally in domain.te).
|
|
neverallow traced self:process execmem;
|
|
|
|
# Block device access.
|
|
neverallow traced dev_type:blk_file { read write };
|
|
|
|
# ptrace any other process
|
|
neverallow traced domain:process ptrace;
|
|
|
|
# Disallows access to /data files, still allowing to write to file descriptors
|
|
# passed through the socket.
|
|
neverallow traced { data_file_type -system_data_file -zoneinfo_data_file }:dir *;
|
|
neverallow traced system_data_file:dir ~{ getattr search };
|
|
neverallow traced zoneinfo_data_file:dir ~r_dir_perms;
|
|
neverallow traced { data_file_type -zoneinfo_data_file }:lnk_file *;
|
|
neverallow traced { data_file_type -zoneinfo_data_file }:file ~write;
|
|
|
|
# Only init is allowed to enter the traced domain via exec()
|
|
neverallow { domain -init } traced:process transition;
|
|
neverallow * traced:process dyntransition;
|