aa9711f82b
Add policy for the perfprofd binder service. For now, only allow su to talk to it. Test: m Change-Id: I690f75460bf513cb326314cce633fa25453515d6
117 lines
4.3 KiB
Text
117 lines
4.3 KiB
Text
# perfprofd - perf profile collection daemon
|
|
type perfprofd, domain;
|
|
type perfprofd_exec, exec_type, file_type;
|
|
|
|
userdebug_or_eng(`
|
|
|
|
typeattribute perfprofd coredomain;
|
|
typeattribute perfprofd mlstrustedsubject;
|
|
|
|
# perfprofd access to sysfs directory structure.
|
|
allow perfprofd sysfs_type:dir search;
|
|
|
|
# perfprofd needs to control CPU hot-plug in order to avoid kernel
|
|
# perfevents problems in cases where CPU goes on/off during measurement;
|
|
# this means read access to /sys/devices/system/cpu/possible
|
|
# and read/write access to /sys/devices/system/cpu/cpu*/online
|
|
allow perfprofd sysfs_devices_system_cpu:file rw_file_perms;
|
|
|
|
# perfprofd checks for the existence of and then invokes simpleperf;
|
|
# simpleperf retains perfprofd domain after exec
|
|
allow perfprofd system_file:file rx_file_perms;
|
|
|
|
# perfprofd reads a config file from /data/data/com.google.android.gms/files
|
|
allow perfprofd app_data_file:file r_file_perms;
|
|
allow perfprofd app_data_file:dir search;
|
|
allow perfprofd self:global_capability_class_set { dac_override };
|
|
|
|
# perfprofd opens a file for writing in /data/misc/perfprofd
|
|
allow perfprofd perfprofd_data_file:file create_file_perms;
|
|
allow perfprofd perfprofd_data_file:dir rw_dir_perms;
|
|
|
|
# perfprofd uses the system log
|
|
read_logd(perfprofd);
|
|
write_logd(perfprofd);
|
|
|
|
# perfprofd inspects /sys/power/wake_unlock
|
|
wakelock_use(perfprofd);
|
|
|
|
# perfprofd looks at thermals.
|
|
allow perfprofd sysfs_thermal:dir r_dir_perms;
|
|
|
|
# perfprofd checks power_supply.
|
|
r_dir_file(perfprofd, sysfs_batteryinfo)
|
|
|
|
# simpleperf reads kernel notes.
|
|
allow perfprofd sysfs_kernel_notes:file r_file_perms;
|
|
|
|
# Simpleperf & perfprofd query a range of proc stats.
|
|
allow perfprofd proc_loadavg:file r_file_perms;
|
|
allow perfprofd proc_stat:file r_file_perms;
|
|
allow perfprofd proc_modules:file r_file_perms;
|
|
|
|
# simpleperf writes to perf_event_paranoid under /proc.
|
|
allow perfprofd proc_perf:file write;
|
|
|
|
# Simpleperf: kptr_restrict. This would be required to dump kernel symbols.
|
|
dontaudit perfprofd proc_security:file *;
|
|
|
|
# simpleperf uses ioctl() to turn on kernel perf events measurements
|
|
allow perfprofd self:global_capability_class_set sys_admin;
|
|
|
|
# simpleperf needs to examine /proc to collect task/thread info
|
|
r_dir_file(perfprofd, domain)
|
|
|
|
# simpleperf needs to access /proc/<pid>/exec
|
|
allow perfprofd self:global_capability_class_set { sys_resource sys_ptrace };
|
|
neverallow perfprofd domain:process ptrace;
|
|
|
|
# simpleperf needs open/read any file that turns up in a profile
|
|
# to see whether it has a build ID
|
|
allow perfprofd exec_type:file r_file_perms;
|
|
# App & ART artifacts.
|
|
r_dir_file(perfprofd, apk_data_file)
|
|
r_dir_file(perfprofd, dalvikcache_data_file)
|
|
# Vendor libraries.
|
|
r_dir_file(perfprofd, vendor_file)
|
|
# Vendor apps.
|
|
r_dir_file(perfprofd, vendor_app_file)
|
|
|
|
# simpleperf will set security.perf_harden to enable access to perf_event_open()
|
|
set_prop(perfprofd, shell_prop)
|
|
|
|
# simpleperf examines debugfs on startup to collect tracepoint event types
|
|
r_dir_file(perfprofd, debugfs_tracing)
|
|
allow perfprofd debugfs_tracing_debug:file r_file_perms;
|
|
|
|
# simpleperf is going to execute "sleep"
|
|
allow perfprofd toolbox_exec:file rx_file_perms;
|
|
|
|
# needed for simpleperf on some kernels
|
|
allow perfprofd self:global_capability_class_set ipc_lock;
|
|
|
|
# simpleperf attempts to put a temp file into /data/local/tmp. Do not allow,
|
|
# use the fallback cwd code, do not spam the log. But ensure this is correctly
|
|
# removed at some point. b/70232908.
|
|
dontaudit perfprofd shell_data_file:dir *;
|
|
dontaudit perfprofd shell_data_file:file *;
|
|
|
|
# Allow perfprofd to publish a binder service and make binder calls.
|
|
binder_use(perfprofd)
|
|
add_service(perfprofd, perfprofd_service)
|
|
|
|
# Use devpts for streams from cmd.
|
|
#
|
|
# This is normally granted to binderservicedomain, but this service
|
|
# has tighter restrictions on the callers (see below), so must enable
|
|
# this manually.
|
|
allow perfprofd devpts:chr_file rw_file_perms;
|
|
|
|
# Use socket & pipe supplied by su, for cmd perfprofd dump.
|
|
allow perfprofd su:unix_stream_socket { read write getattr sendto };
|
|
allow perfprofd su:fifo_file r_file_perms;
|
|
|
|
# For now, only allow su to communicate with us.
|
|
neverallow domain perfprofd:binder call;
|
|
neverallow perfprofd { domain -servicemanager -su }:binder call;
|
|
')
|