6872b1db69
perfetto traced_probes executes atrace with a pipe for stdout/stderr.
That aleady works because atrace can `write` onto traced_probes's pipes.
Now traced_probes needs to invoke atrace at boot time. This revealed a
problem (I'm pretty sure it was an existing problem and it was
completely harmless):
```
02-23 22:00:41.951 605 605 I auditd : type=1400 audit(0.0:94): avc:
denied { getattr } for comm="atrace" path="pipe:[17964]" dev="pipefs"
ino=17964 scontext=u:r:atrace:s0 tcontext=u:r:traced_probes:s0
tclass=fifo_file permissive=0
```
atrace doesn't just need `write` permissions on its
stdout/stderr pipes, it also needs `getattr` permissions (probably
because of [this][1]?)
[1]: https://cs.android.com/android/platform/superproject/+/master:bionic/libc/bionic/libc_init_common.cpp;l=156;drc=7a2386bf89f9bfd4e53eba9304e4239b3fdf0d06)
Bug: 219393750
Change-Id: I53b0f60cdd763863c834a883fbb77664e528dd15
80 lines
2.6 KiB
Text
80 lines
2.6 KiB
Text
# Domain for atrace process.
|
|
# It is spawned either by traced_probes or by init for the boottrace service.
|
|
|
|
type atrace_exec, exec_type, file_type, system_file_type;
|
|
|
|
# boottrace services uses /data/misc/boottrace/categories
|
|
allow atrace boottrace_data_file:dir search;
|
|
allow atrace boottrace_data_file:file r_file_perms;
|
|
|
|
# Allow atrace to access tracefs.
|
|
allow atrace debugfs_tracing:dir r_dir_perms;
|
|
allow atrace debugfs_tracing:file rw_file_perms;
|
|
allow atrace debugfs_trace_marker:file getattr;
|
|
|
|
# Allow atrace to write data when a pipe is used for stdout/stderr.
|
|
# This is used by Perfetto to capture atrace stdout/stderr.
|
|
allow atrace traced_probes:fd use;
|
|
allow atrace traced_probes:fifo_file { getattr write };
|
|
|
|
# atrace sets debug.atrace.* properties
|
|
set_prop(atrace, debug_prop)
|
|
|
|
# atrace pokes all the binder-enabled processes at startup with a
|
|
# SYSPROPS_TRANSACTION, to tell them to reload the debug.atrace.* properties.
|
|
|
|
# Allow discovery of binder services.
|
|
allow atrace {
|
|
service_manager_type
|
|
-apex_service
|
|
-dnsresolver_service
|
|
-dumpstate_service
|
|
-incident_service
|
|
-installd_service
|
|
-iorapd_service
|
|
-lpdump_service
|
|
-mdns_service
|
|
-netd_service
|
|
-stats_service
|
|
-tracingproxy_service
|
|
-vold_service
|
|
-default_android_service
|
|
}:service_manager { find };
|
|
allow atrace servicemanager:service_manager list;
|
|
|
|
# Allow notifying the processes hosting specific binder services that
|
|
# trace-related system properties have changed.
|
|
binder_use(atrace)
|
|
allow atrace surfaceflinger:binder call;
|
|
allow atrace system_server:binder call;
|
|
allow atrace cameraserver:binder call;
|
|
|
|
# Similarly, on debug builds, allow specific HALs to be notified that
|
|
# trace-related system properties have changed.
|
|
userdebug_or_eng(`
|
|
# List HAL interfaces.
|
|
allow atrace hwservicemanager:hwservice_manager list;
|
|
# Notify the camera HAL.
|
|
hal_client_domain(atrace, hal_camera)
|
|
hal_client_domain(atrace, hal_vibrator)
|
|
')
|
|
|
|
# Remove logspam from notification attempts to non-allowlisted services.
|
|
dontaudit atrace hwservice_manager_type:hwservice_manager find;
|
|
dontaudit atrace service_manager_type:service_manager find;
|
|
dontaudit atrace domain:binder call;
|
|
|
|
# atrace can call atrace HAL
|
|
hal_client_domain(atrace, hal_atrace)
|
|
|
|
get_prop(atrace, hwservicemanager_prop)
|
|
|
|
userdebug_or_eng(`
|
|
# atrace is generally invoked as a standalone binary from shell or perf
|
|
# daemons like Perfetto traced_probes. However, in userdebug builds, there is
|
|
# a further option to run atrace as an init daemon for boot tracing.
|
|
init_daemon_domain(atrace)
|
|
|
|
allow atrace debugfs_tracing_debug:dir r_dir_perms;
|
|
allow atrace debugfs_tracing_debug:file rw_file_perms;
|
|
')
|