45 lines
1.7 KiB
Text
45 lines
1.7 KiB
Text
# perfprofd - perf profile collection daemon
|
|
type perfprofd_exec, exec_type, file_type;
|
|
|
|
userdebug_or_eng(`
|
|
|
|
type perfprofd, domain, mlstrustedsubject;
|
|
|
|
init_daemon_domain(perfprofd)
|
|
|
|
# perfprofd needs to control CPU hot-plug in order to avoid kernel
|
|
# perfevents problems in cases where CPU goes on/off during measurement;
|
|
# this means read access to /sys/devices/system/cpu/possible
|
|
# and read/write access to /sys/devices/system/cpu/cpu*/online
|
|
allow perfprofd sysfs_devices_system_cpu:file rw_file_perms;
|
|
|
|
# perfprofd checks for the existence of and then invokes simpleperf;
|
|
# simpleperf retains perfprofd domain after exec
|
|
allow perfprofd system_file:file rx_file_perms;
|
|
|
|
# perfprofd reads a config file from /data/data/com.google.android.gms/files
|
|
# opens a file for writing in the same directory
|
|
allow perfprofd app_data_file:file rw_file_perms;
|
|
allow perfprofd app_data_file:dir rw_dir_perms;
|
|
|
|
# perfprofd looks for the existence of a semaphore file to determine
|
|
# whether collection is enabled/disabled (where the semphore file is
|
|
# created by some other entity, e.g. gms)
|
|
allow perfprofd app_data_file:dir search;
|
|
allow perfprofd self:capability { dac_override };
|
|
|
|
# perfprofd reads profiles from /data/data/..., encodes them,
|
|
# and then dumps the encoded profiles back to /data/data/....
|
|
allow perfprofd app_data_file:dir_file_class_set create_file_perms;
|
|
|
|
# perfprofd uses the system log
|
|
read_logd(perfprofd);
|
|
write_logd(perfprofd);
|
|
|
|
# simpleperf uses ioctl() to turn on kernel perf events measurements
|
|
allow perfprofd self:capability sys_admin;
|
|
|
|
# simpleperf is going to execute "sleep"
|
|
allow perfprofd toolbox_exec:file x_file_perms;
|
|
|
|
')
|