private/traced_perf.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # Performance profiler, backed by perf_event_open(2).
 # See go/perfetto-perf-android.
 typeattribute traced_perf coredomain;
 typeattribute traced_perf mlstrustedsubject;

 type traced_perf_exec, system_file_type, exec_type, file_type;

 init_daemon_domain(traced_perf)
 perfetto_producer(traced_perf)

 # Allow traced_perf full use of perf_event_open(2). It will perform cpu-wide
 # profiling, but retain samples only for profileable processes.
 # Thread-specific profiling is still disallowed due to a PTRACE_MODE_ATTACH
 # check (which would require a process:attach SELinux allow-rule).
 allow traced_perf self:perf_event { open cpu kernel read write tracepoint };

 # Allow CAP_KILL for delivery of dedicated signal to obtain proc-fds from a
 # process. Allow CAP_DAC_READ_SEARCH for stack unwinding and symbolization of
 # sampled stacks, which requires opening the backing libraries/executables (as
 # symbols are usually not mapped into the process space). Not all such files
 # are world-readable, e.g. odex files that included user profiles during
 # profile-guided optimization.
 allow traced_perf self:capability { kill dac_read_search };

 # Allow reading /system/data/packages.list.
 allow traced_perf packages_list_file:file r_file_perms;

 # Allow reading files for stack unwinding and symbolization.
 r_dir_file(traced_perf, nativetest_data_file)
 r_dir_file(traced_perf, system_file_type)
 r_dir_file(traced_perf, apk_data_file)
 r_dir_file(traced_perf, dalvikcache_data_file)
 r_dir_file(traced_perf, vendor_file_type)
 # ART apex files and directory access to the containing /data/misc/apexdata.
 r_dir_file(traced_perf, apex_art_data_file)
 allow traced_perf apex_module_data_file:dir { getattr search };

 # Allow to temporarily lift the kptr_restrict setting and build a symbolization
 # map reading /proc/kallsyms.
 userdebug_or_eng(`set_prop(traced_perf, lower_kptr_restrict_prop)')
 allow traced_perf proc_kallsyms:file r_file_perms;

 # Allow reading tracefs files to get the format and numeric ids of tracepoints.
 allow traced_perf debugfs_tracing:dir r_dir_perms;
 allow traced_perf debugfs_tracing:file r_file_perms;
 userdebug_or_eng(`
   allow traced_perf debugfs_tracing_debug:dir r_dir_perms;
   allow traced_perf debugfs_tracing_debug:file r_file_perms;
 ')

 # Do not audit the cases where traced_perf attempts to access /proc/[pid] for
 # domains that it cannot read.
 dontaudit traced_perf domain:dir { search getattr open };

 # Do not audit failures to signal a process, as there are cases when this is
 # expected (native processes on debug builds use the policy for enforcing which
 # processes are profileable).
 dontaudit traced_perf domain:process signal;

 # Never allow access to app data files
 neverallow traced_perf app_data_file_type:file *;

 # Never allow profiling privileged or otherwise incompatible domains.
 # Corresponding allow-rule is in private/domain.te.
 never_profile_perf(`{
   apexd
   app_zygote
   bpfloader
   hal_configstore_server
   init
   kernel
   keystore
   llkd
   logd
   ueventd
   vendor_init
   vold
   webview_zygote
   zygote
 }')
	# Performance profiler, backed by perf_event_open(2).
	# See go/perfetto-perf-android.
	typeattribute traced_perf coredomain;
	typeattribute traced_perf mlstrustedsubject;

	type traced_perf_exec, system_file_type, exec_type, file_type;

	init_daemon_domain(traced_perf)
	perfetto_producer(traced_perf)

	# Allow traced_perf full use of perf_event_open(2). It will perform cpu-wide
	# profiling, but retain samples only for profileable processes.
	# Thread-specific profiling is still disallowed due to a PTRACE_MODE_ATTACH
	# check (which would require a process:attach SELinux allow-rule).
	allow traced_perf self:perf_event { open cpu kernel read write tracepoint };

	# Allow CAP_KILL for delivery of dedicated signal to obtain proc-fds from a
	# process. Allow CAP_DAC_READ_SEARCH for stack unwinding and symbolization of
	# sampled stacks, which requires opening the backing libraries/executables (as
	# symbols are usually not mapped into the process space). Not all such files
	# are world-readable, e.g. odex files that included user profiles during
	# profile-guided optimization.
	allow traced_perf self:capability { kill dac_read_search };

	# Allow reading /system/data/packages.list.
	allow traced_perf packages_list_file:file r_file_perms;

	# Allow reading files for stack unwinding and symbolization.
	r_dir_file(traced_perf, nativetest_data_file)
	r_dir_file(traced_perf, system_file_type)
	r_dir_file(traced_perf, apk_data_file)
	r_dir_file(traced_perf, dalvikcache_data_file)
	r_dir_file(traced_perf, vendor_file_type)
	# ART apex files and directory access to the containing /data/misc/apexdata.
	r_dir_file(traced_perf, apex_art_data_file)
	allow traced_perf apex_module_data_file:dir { getattr search };

	# Allow to temporarily lift the kptr_restrict setting and build a symbolization
	# map reading /proc/kallsyms.
	userdebug_or_eng(`set_prop(traced_perf, lower_kptr_restrict_prop)')
	allow traced_perf proc_kallsyms:file r_file_perms;

	# Allow reading tracefs files to get the format and numeric ids of tracepoints.
	allow traced_perf debugfs_tracing:dir r_dir_perms;
	allow traced_perf debugfs_tracing:file r_file_perms;
	userdebug_or_eng(`
	allow traced_perf debugfs_tracing_debug:dir r_dir_perms;
	allow traced_perf debugfs_tracing_debug:file r_file_perms;
	')

	# Do not audit the cases where traced_perf attempts to access /proc/[pid] for
	# domains that it cannot read.
	dontaudit traced_perf domain:dir { search getattr open };

	# Do not audit failures to signal a process, as there are cases when this is
	# expected (native processes on debug builds use the policy for enforcing which
	# processes are profileable).
	dontaudit traced_perf domain:process signal;

	# Never allow access to app data files
	neverallow traced_perf app_data_file_type:file *;

	# Never allow profiling privileged or otherwise incompatible domains.
	# Corresponding allow-rule is in private/domain.te.
	never_profile_perf(`{
	apexd
	app_zygote
	bpfloader
	hal_configstore_server
	init
	kernel
	keystore
	llkd
	logd
	ueventd
	vendor_init
	vold
	webview_zygote
	zygote
	}')