1 # Perfetto command-line client. Can be used only from the domains that are 2 # explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto). 3 # This command line client accesses the privileged socket of the traced 4 # daemon. 5 6 type perfetto, domain, coredomain; 7 type perfetto_exec, exec_type, file_type; 8 9 tmpfs_domain(perfetto); 10 11 # Allow to access traced's privileged consumer socket. 12 unix_socket_connect(perfetto, traced_consumer, traced) 13 14 # Allow to write and unlink traces into /data/misc/perfetto-traces. 15 allow perfetto perfetto_traces_data_file:dir rw_dir_perms; 16 allow perfetto perfetto_traces_data_file:file create_file_perms; 17 18 # Allow to access binder to pass the traces to Dropbox. 19 binder_use(perfetto) 20 binder_call(perfetto, system_server) 21 allow perfetto dropbox_service:service_manager find; 22 23 # Allow statsd and shell to pipe the trace config to perfetto on stdin and to 24 # print out on stdout/stderr. 25 allow perfetto statsd:fd use; 26 allow perfetto statsd:fifo_file { getattr read write }; 27 allow perfetto shell:fd use; 28 allow perfetto shell:fifo_file { getattr read write }; 29 30 # Allow to communicate use, read and write over the adb connection. 31 allow perfetto adbd:fd use; 32 allow perfetto adbd:unix_stream_socket { read write }; 33 34 # allow adbd to reap perfetto 35 allow perfetto adbd:process { sigchld }; 36 37 # Allow to access /dev/pts when launched in an adb shell. 38 allow perfetto devpts:chr_file rw_file_perms; 39 40 ### 41 ### Neverallow rules 42 ### 43 ### perfetto should NEVER do any of this 44 45 # Disallow mapping executable memory (execstack and exec are already disallowed 46 # globally in domain.te). 47 neverallow perfetto self:process execmem; 48 49 # Block device access. 50 neverallow perfetto dev_type:blk_file { read write }; 51 52 # ptrace any other process 53 neverallow perfetto domain:process ptrace; 54 55 # Disallows access to other /data files. 56 neverallow perfetto { 57 data_file_type 58 -system_data_file 59 # TODO(b/72998741) Remove exemption. Further restricted in a subsequent 60 # neverallow. Currently only getattr and search are allowed. 61 -vendor_data_file 62 -zoneinfo_data_file 63 -perfetto_traces_data_file 64 }:dir *; 65 neverallow perfetto { system_data_file -perfetto_traces_data_file }:dir ~{ getattr search }; 66 neverallow perfetto zoneinfo_data_file:dir ~r_dir_perms; 67 neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:lnk_file *; 68 neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:file ~write; 69