| # perfprofd - perf profile collection daemon |
| type perfprofd, domain; |
| type perfprofd_exec, system_file_type, exec_type, file_type; |
| |
| userdebug_or_eng(` |
| |
| typeattribute perfprofd coredomain; |
| typeattribute perfprofd mlstrustedsubject; |
| |
| # perfprofd access to sysfs directory structure. |
| allow perfprofd sysfs_type:dir search; |
| |
| # perfprofd needs to control CPU hot-plug in order to avoid kernel |
| # perfevents problems in cases where CPU goes on/off during measurement; |
| # this means read access to /sys/devices/system/cpu/possible |
| # and read/write access to /sys/devices/system/cpu/cpu*/online |
| allow perfprofd sysfs_devices_system_cpu:file rw_file_perms; |
| |
| # perfprofd checks for the existence of and then invokes simpleperf; |
| # simpleperf retains perfprofd domain after exec |
| allow perfprofd system_file:file rx_file_perms; |
| |
| # perfprofd reads a config file from /data/data/com.google.android.gms/files |
| allow perfprofd { privapp_data_file app_data_file }:file r_file_perms; |
| allow perfprofd { privapp_data_file app_data_file }:dir search; |
| allow perfprofd self:global_capability_class_set { dac_override dac_read_search }; |
| |
| # perfprofd opens a file for writing in /data/misc/perfprofd |
| allow perfprofd perfprofd_data_file:file create_file_perms; |
| allow perfprofd perfprofd_data_file:dir rw_dir_perms; |
| |
| # perfprofd uses the system log |
| read_logd(perfprofd); |
| write_logd(perfprofd); |
| |
| # perfprofd inspects /sys/power/wake_unlock |
| wakelock_use(perfprofd); |
| |
| # perfprofd looks at thermals. |
| allow perfprofd sysfs_thermal:dir r_dir_perms; |
| |
| # perfprofd gets charging status. |
| hal_client_domain(perfprofd, hal_health) |
| |
| # simpleperf reads kernel notes. |
| allow perfprofd sysfs_kernel_notes:file r_file_perms; |
| |
| # Simpleperf & perfprofd query a range of proc stats. |
| allow perfprofd proc_loadavg:file r_file_perms; |
| allow perfprofd proc_stat:file r_file_perms; |
| allow perfprofd proc_modules:file r_file_perms; |
| |
| # simpleperf writes to perf_event_paranoid under /proc. |
| allow perfprofd proc_perf:file write; |
| |
| # Simpleperf: kptr_restrict. This would be required to dump kernel symbols. |
| dontaudit perfprofd proc_security:file *; |
| |
| # simpleperf uses ioctl() to turn on kernel perf events measurements |
| allow perfprofd self:global_capability_class_set sys_admin; |
| |
| # simpleperf needs to examine /proc to collect task/thread info |
| r_dir_file(perfprofd, domain) |
| |
| # simpleperf needs to access /proc/<pid>/exec |
| allow perfprofd self:global_capability_class_set { sys_resource sys_ptrace }; |
| neverallow perfprofd domain:process ptrace; |
| |
| # simpleperf needs open/read any file that turns up in a profile |
| # to see whether it has a build ID |
| allow perfprofd exec_type:file r_file_perms; |
| # App & ART artifacts. |
| r_dir_file(perfprofd, apk_data_file) |
| r_dir_file(perfprofd, dalvikcache_data_file) |
| # Vendor libraries. |
| r_dir_file(perfprofd, vendor_file) |
| # Vendor apps. |
| r_dir_file(perfprofd, vendor_app_file) |
| |
| # simpleperf will set security.perf_harden to enable access to perf_event_open() |
| set_prop(perfprofd, shell_prop) |
| |
| # simpleperf examines debugfs on startup to collect tracepoint event types |
| r_dir_file(perfprofd, debugfs_tracing) |
| r_dir_file(perfprofd, debugfs_tracing_debug) |
| |
| # simpleperf is going to execute "sleep" |
| allow perfprofd toolbox_exec:file rx_file_perms; |
| # simpleperf is going to execute "mv" on a temp file |
| allow perfprofd shell_exec:file rx_file_perms; |
| |
| # needed for simpleperf on some kernels |
| allow perfprofd self:global_capability_class_set ipc_lock; |
| |
| # simpleperf attempts to put a temp file into /data/local/tmp. Do not allow, |
| # use the fallback cwd code, do not spam the log. But ensure this is correctly |
| # removed at some point. b/70232908. |
| dontaudit perfprofd shell_data_file:dir *; |
| dontaudit perfprofd shell_data_file:file *; |
| |
| # Allow perfprofd to publish a binder service and make binder calls. |
| binder_use(perfprofd) |
| add_service(perfprofd, perfprofd_service) |
| |
| # Use devpts for streams from cmd. |
| # |
| # This is normally granted to binderservicedomain, but this service |
| # has tighter restrictions on the callers (see below), so must enable |
| # this manually. |
| allow perfprofd devpts:chr_file rw_file_perms; |
| |
| # Use socket & pipe supplied by su, for cmd perfprofd dump. |
| allow perfprofd su:unix_stream_socket { read write getattr sendto }; |
| allow perfprofd su:fifo_file r_file_perms; |
| |
| # Allow perfprofd to submit to dropbox. |
| allow perfprofd dropbox_service:service_manager find; |
| binder_call(perfprofd, system_server) |
| ') |