Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
A
AndroidSystemSEPolicy
Manage
Activity
Members
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Deploy
Releases
Container Registry
Model registry
Analyze
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Werner Sembach
AndroidSystemSEPolicy
Commits
ccc8608c
Commit
ccc8608c
authored
9 years ago
by
Than McIntosh
Committed by
Gerrit Code Review
9 years ago
Browse files
Options
Downloads
Plain Diff
Merge "New sepolicy for perfprofd, simpleperf."
parents
6780dfee
0fdd364e
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
file_contexts
+2
-0
2 additions, 0 deletions
file_contexts
perfprofd.te
+45
-0
45 additions, 0 deletions
perfprofd.te
with
47 additions
and
0 deletions
file_contexts
+
2
−
0
View file @
ccc8608c
...
...
@@ -159,6 +159,8 @@
/system/bin/racoon u:object_r:racoon_exec:s0
/system/xbin/su u:object_r:su_exec:s0
/system/xbin/procrank u:object_r:procrank_exec:s0
/system/xbin/perfprofd u:object_r:perfprofd_exec:s0
/system/xbin/simpleperf u:object_r:system_file:s0
/system/vendor/bin/gpsd u:object_r:gpsd_exec:s0
/system/bin/dnsmasq u:object_r:dnsmasq_exec:s0
/system/bin/hostapd u:object_r:hostapd_exec:s0
...
...
This diff is collapsed.
Click to expand it.
perfprofd.te
0 → 100644
+
45
−
0
View file @
ccc8608c
# perfprofd - perf profile collection daemon
type perfprofd_exec, exec_type, file_type;
userdebug_or_eng(`
type perfprofd, domain, mlstrustedsubject;
init_daemon_domain(perfprofd)
# perfprofd needs to control CPU hot-plug in order to avoid kernel
# perfevents problems in cases where CPU goes on/off during measurement;
# this means read access to /sys/devices/system/cpu/possible
# and read/write access to /sys/devices/system/cpu/cpu*/online
allow perfprofd sysfs_devices_system_cpu:file rw_file_perms;
# perfprofd checks for the existence of and then invokes simpleperf;
# simpleperf retains perfprofd domain after exec
allow perfprofd system_file:file rx_file_perms;
# perfprofd reads a config file from /data/data/com.google.android.gms/files
# opens a file for writing in the same directory
allow perfprofd app_data_file:file rw_file_perms;
allow perfprofd app_data_file:dir rw_dir_perms;
# perfprofd looks for the existence of a semaphore file to determine
# whether collection is enabled/disabled (where the semphore file is
# created by some other entity, e.g. gms)
allow perfprofd app_data_file:dir search;
allow perfprofd self:capability { dac_override };
# perfprofd reads profiles from /data/data/..., encodes them,
# and then dumps the encoded profiles back to /data/data/....
allow perfprofd app_data_file:dir_file_class_set create_file_perms;
# perfprofd uses the system log
read_logd(perfprofd);
write_logd(perfprofd);
# simpleperf uses ioctl() to turn on kernel perf events measurements
allow perfprofd self:capability sys_admin;
# simpleperf is going to execute "sleep"
allow perfprofd toolbox_exec:file x_file_perms;
')
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
