Home | History | Annotate | Download | only in private 
      1 # Perfetto command-line client. Can be used only from the domains that are
      2 # explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto).
      3 # This command line client accesses the privileged socket of the traced
      4 # daemon.
      5 
      6 type perfetto, domain, coredomain;
      7 type perfetto_exec, exec_type, file_type;
      8 
      9 tmpfs_domain(perfetto);
     10 
     11 # Allow to access traced's privileged consumer socket.
     12 unix_socket_connect(perfetto, traced_consumer, traced)
     13 
     14 # Allow to write and unlink traces into /data/misc/perfetto-traces.
     15 allow perfetto perfetto_traces_data_file:dir rw_dir_perms;
     16 allow perfetto perfetto_traces_data_file:file create_file_perms;
     17 
     18 # Allow to access binder to pass the traces to Dropbox.
     19 binder_use(perfetto)
     20 binder_call(perfetto, system_server)
     21 allow perfetto dropbox_service:service_manager find;
     22 
     23 # Allow statsd and shell to pipe the trace config to perfetto on stdin and to
     24 # print out on stdout/stderr.
     25 allow perfetto statsd:fd use;
     26 allow perfetto statsd:fifo_file { getattr read write };
     27 allow perfetto shell:fd use;
     28 allow perfetto shell:fifo_file { getattr read write };
     29 
     30 # Allow to communicate use, read and write over the adb connection.
     31 allow perfetto adbd:fd use;
     32 allow perfetto adbd:unix_stream_socket { read write };
     33 
     34 # allow adbd to reap perfetto
     35 allow perfetto adbd:process { sigchld };
     36 
     37 # Allow to access /dev/pts when launched in an adb shell.
     38 allow perfetto devpts:chr_file rw_file_perms;
     39 
     40 ###
     41 ### Neverallow rules
     42 ###
     43 ### perfetto should NEVER do any of this
     44 
     45 # Disallow mapping executable memory (execstack and exec are already disallowed
     46 # globally in domain.te).
     47 neverallow perfetto self:process execmem;
     48 
     49 # Block device access.
     50 neverallow perfetto dev_type:blk_file { read write };
     51 
     52 # ptrace any other process
     53 neverallow perfetto domain:process ptrace;
     54 
     55 # Disallows access to other /data files.
     56 neverallow perfetto {
     57   data_file_type
     58   -system_data_file
     59   # TODO(b/72998741) Remove exemption. Further restricted in a subsequent
     60   # neverallow. Currently only getattr and search are allowed.
     61   -vendor_data_file
     62   -zoneinfo_data_file
     63   -perfetto_traces_data_file
     64 }:dir *;
     65 neverallow perfetto { system_data_file -perfetto_traces_data_file }:dir ~{ getattr search };
     66 neverallow perfetto zoneinfo_data_file:dir ~r_dir_perms;
     67 neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:lnk_file *;
     68 neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:file ~write;
     69