Merge "Reland: perfetto: allow traced_probes to execute atrace" into pi-dev

ad60c564 · Primiano Tucci · Android (Google) Code Review · 16d28d0f · f3fd4d6b · ad60c564
Commit ad60c564 authored 7 years ago by Primiano Tucci Committed by Android (Google) Code Review 7 years ago
--- a/private/atrace.te
+++ b/private/atrace.te
-# Domain for atrace process spawned by boottrace service.
+# Domain for atrace process.
+# It is spawned either by traced_probes or by init for the boottrace service.
-type atrace_exec, exec_type, file_type;
-userdebug_or_eng(`
 type atrace, domain, coredomain;
+type atrace_exec, exec_type, file_type;
-  init_daemon_domain(atrace)
 # boottrace services uses /data/misc/boottrace/categories
 allow atrace boottrace_data_file:dir search;
@@ -14,15 +11,36 @@ userdebug_or_eng(`
 # Allow atrace to access tracefs.
 allow atrace debugfs_tracing:dir r_dir_perms;
 allow atrace debugfs_tracing:file rw_file_perms;
-  allow atrace debugfs_tracing_debug:dir r_dir_perms;
-  allow atrace debugfs_tracing_debug:file rw_file_perms;
 allow atrace debugfs_trace_marker:file getattr;
 # atrace sets debug.atrace.* properties
 set_prop(atrace, debug_prop)
-  # atrace pokes all the binder-enabled processes at startup.
+# atrace pokes all the binder-enabled processes at startup with a
+# SYSPROPS_TRANSACTION, to tell them to reload the debug.atrace.* properties.
 binder_use(atrace)
 allow atrace healthd:binder call;
 allow atrace surfaceflinger:binder call;
+get_prop(atrace, hwservicemanager_prop)
+allow atrace {
+  service_manager_type
+  -incident_service
+  -netd_service
+  -stats_service
+  -dumpstate_service
+  -installd_service
+  -vold_service
+}:service_manager { find };
+allow atrace servicemanager:service_manager list;
+userdebug_or_eng(`
+  # atrace is generally invoked as a standalone binary from shell or perf
+  # daemons like Perfetto traced_probes. However, in userdebug builds, there is
+  # a further option to run atrace as an init daemon for boot tracing.
+  init_daemon_domain(atrace)
+  allow atrace debugfs_tracing_debug:dir r_dir_perms;
+  allow atrace debugfs_tracing_debug:file rw_file_perms;
 ')
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -4,6 +4,7 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
  ( adbd_exec
+    atrace
    binder_calls_stats_service
    bootloader_boot_reason_prop
    blank_screen

--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -3,7 +3,8 @@
 ;;   previous ones.  Add here to pass checkapi tests.
 (typeattribute new_objects)
 (typeattributeset new_objects
-  ( binder_calls_stats_service
+  ( atrace
+    binder_calls_stats_service
    blank_screen
    blank_screen_exec
    blank_screen_tmpfs

--- a/private/domain.te
+++ b/private/domain.te
@@ -61,7 +61,7 @@ full_treble_only(`
  # tracefs
  neverallow {
    coredomain
-    userdebug_or_eng(`-atrace')
+    -atrace
    -dumpstate
    -init
    userdebug_or_eng(`-perfprofd')

--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -35,6 +35,14 @@ allow traced_probes kmsg_device:chr_file write;
 # Allow traced_probes to list the system partition.
 allow traced_probes system_file:dir { open read };
+# Allow traced_probes to run atrace. atrace pokes at system services to enable
+# their userspace TRACE macros.
+domain_auto_trans(traced_probes, atrace_exec, atrace);
+# This is needed for: path="/system/bin/linker64"
+# scontext=u:r:atrace:s0 tcontext=u:r:traced_probes:s0 tclass=fd
+allow atrace traced_probes:fd use;
 ###
 ### Neverallow rules
 ###