Merge "Reland: perfetto: allow traced_probes to execute atrace"

52d7cc48 · Treehugger Robot · Gerrit Code Review · cd175e0e · feaf22b1 · 52d7cc48
Commit 52d7cc48 authored 7 years ago by Treehugger Robot Committed by Gerrit Code Review 7 years ago
--- a/private/atrace.te
+++ b/private/atrace.te
-# Domain for atrace process spawned by boottrace service.
+# Domain for atrace process.
+# It is spawned either by traced_probes or by init for the boottrace service.

+type atrace, domain, coredomain;
 type atrace_exec, exec_type, file_type;

-userdebug_or_eng(`
-  type atrace, domain, coredomain;
+# boottrace services uses /data/misc/boottrace/categories
+allow atrace boottrace_data_file:dir search;
+allow atrace boottrace_data_file:file r_file_perms;

-  init_daemon_domain(atrace)
+# Allow atrace to access tracefs.
+allow atrace debugfs_tracing:dir r_dir_perms;
+allow atrace debugfs_tracing:file rw_file_perms;
+allow atrace debugfs_trace_marker:file getattr;

-  # boottrace services uses /data/misc/boottrace/categories
-  allow atrace boottrace_data_file:dir search;
-  allow atrace boottrace_data_file:file r_file_perms;
+# atrace sets debug.atrace.* properties
+set_prop(atrace, debug_prop)

-  # Allow atrace to access tracefs.
-  allow atrace debugfs_tracing:dir r_dir_perms;
-  allow atrace debugfs_tracing:file rw_file_perms;
-  allow atrace debugfs_tracing_debug:dir r_dir_perms;
-  allow atrace debugfs_tracing_debug:file rw_file_perms;
-  allow atrace debugfs_trace_marker:file getattr;
+# atrace pokes all the binder-enabled processes at startup with a
+# SYSPROPS_TRANSACTION, to tell them to reload the debug.atrace.* properties.
+
+binder_use(atrace)
+allow atrace healthd:binder call;
+allow atrace surfaceflinger:binder call;
+get_prop(atrace, hwservicemanager_prop)

-  # atrace sets debug.atrace.* properties
-  set_prop(atrace, debug_prop)
+allow atrace {
+  service_manager_type
+  -incident_service
+  -netd_service
+  -stats_service
+  -dumpstate_service
+  -installd_service
+  -vold_service
+}:service_manager { find };
+allow atrace servicemanager:service_manager list;

-  # atrace pokes all the binder-enabled processes at startup.
-  binder_use(atrace)
-  allow atrace healthd:binder call;
-  allow atrace surfaceflinger:binder call;
+userdebug_or_eng(`
+  # atrace is generally invoked as a standalone binary from shell or perf
+  # daemons like Perfetto traced_probes. However, in userdebug builds, there is
+  # a further option to run atrace as an init daemon for boot tracing.
+  init_daemon_domain(atrace)
+
+  allow atrace debugfs_tracing_debug:dir r_dir_perms;
+  allow atrace debugfs_tracing_debug:file rw_file_perms;
 ')
--- a/private/domain.te
+++ b/private/domain.te
@@ -61,7 +61,7 @@ full_treble_only(`
  # tracefs
  neverallow {
    coredomain
-    userdebug_or_eng(`-atrace')
+    -atrace
    -dumpstate
    -init
    userdebug_or_eng(`-perfprofd')

--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -35,6 +35,14 @@ allow traced_probes kmsg_device:chr_file write;
 # Allow traced_probes to list the system partition.
 allow traced_probes system_file:dir { open read };

+# Allow traced_probes to run atrace. atrace pokes at system services to enable
+# their userspace TRACE macros.
+domain_auto_trans(traced_probes, atrace_exec, atrace);
+
+# This is needed for: path="/system/bin/linker64"
+# scontext=u:r:atrace:s0 tcontext=u:r:traced_probes:s0 tclass=fd
+allow atrace traced_probes:fd use;
+
 ###
 ### Neverallow rules
 ###