      1 # perfprofd - perf profile collection daemon
        #
        # Declares the perfprofd process domain and the label for its executable.
        # These two declarations are unconditional. Every rule for the domain in
        # this file sits inside the userdebug_or_eng() block that follows.
      2 type perfprofd, domain;
      3 type perfprofd_exec, exec_type, file_type;
      4 
      5 userdebug_or_eng(`
          # Everything up to the closing quote is the argument of userdebug_or_eng,
          # so these rules are meant for userdebug and eng builds only; a user build
          # is expected to get no perfprofd rules from this file.
          # The grants below are broad (sys_admin, dac_override, read access to all
          # exec_type files and to /proc of every domain), so any rule moved out of
          # this block needs a fresh review.
      6 
      7   typeattribute perfprofd coredomain;
          # mlstrustedsubject exempts the domain from MLS constraints.
          # NOTE(review): presumably needed for the app_data_file reads below; confirm.
      8   typeattribute perfprofd mlstrustedsubject;
      9 
     10   # perfprofd access to sysfs directory structure.
     11   allow perfprofd sysfs_type:dir search;
     12 
     13   # perfprofd needs to control CPU hot-plug in order to avoid kernel
     14   # perfevents problems in cases where CPU goes on/off during measurement;
     15   # this means read access to /sys/devices/system/cpu/possible
     16   # and read/write access to /sys/devices/system/cpu/cpu*/online
     17   allow perfprofd sysfs_devices_system_cpu:file rw_file_perms;
     18 
     19   # perfprofd checks for the existence of and then invokes simpleperf;
     20   # simpleperf retains perfprofd domain after exec
          # No domain transition is defined here, so every simpleperf rule in this
          # file is also a grant to the daemon itself.
     21   allow perfprofd system_file:file rx_file_perms;
     22 
     23   # perfprofd reads a config file from /data/data/com.google.android.gms/files
          # The rules are written against the app_data_file type, not against that
          # one path, so they apply to every file and directory carrying the label.
     24   allow perfprofd app_data_file:file r_file_perms;
     25   allow perfprofd app_data_file:dir search;
          # dac_override bypasses ordinary Unix permission checks for this process,
          # which leaves the SELinux rules as the main limit on what it can open.
          # NOTE(review): presumably needed to reach the app-private config above;
          # confirm, and check whether dac_read_search would be enough.
     26   allow perfprofd self:global_capability_class_set { dac_override };
     27 
     28   # perfprofd opens a file for writing in /data/misc/perfprofd
     29   allow perfprofd perfprofd_data_file:file create_file_perms;
     30   allow perfprofd perfprofd_data_file:dir rw_dir_perms;
     31 
     32   # perfprofd uses the system log
     33   read_logd(perfprofd);
     34   write_logd(perfprofd);
     35 
     36   # perfprofd inspects /sys/power/wake_unlock
     37   wakelock_use(perfprofd);
     38 
     39   # perfprofd looks at thermals.
     40   allow perfprofd sysfs_thermal:dir r_dir_perms;
     41 
     42   # perfprofd checks power_supply.
     43   r_dir_file(perfprofd, sysfs_batteryinfo)
     44 
     45   # simpleperf reads kernel notes.
     46   allow perfprofd sysfs_kernel_notes:file r_file_perms;
     47 
     48   # Simpleperf & perfprofd query a range of proc stats.
     49   allow perfprofd proc_loadavg:file r_file_perms;
     50   allow perfprofd proc_stat:file r_file_perms;
     51   allow perfprofd proc_modules:file r_file_perms;
     52 
     53   # simpleperf writes to perf_event_paranoid under /proc.
          # Only write is granted on proc_perf; no read permission is given here.
     54   allow perfprofd proc_perf:file write;
     55 
     56   # Simpleperf: kptr_restrict. This would be required to dump kernel symbols.
          # dontaudit grants nothing: access to proc_security files stays denied and
          # the denial is simply not logged, so kptr_restrict is left untouched.
     57   dontaudit perfprofd proc_security:file *;
     58 
     59   # simpleperf uses ioctl() to turn on kernel perf events measurements
          # sys_admin is a very broad capability.
          # NOTE(review): confirm it is still required for the perf ioctl on the
          # kernels in use before carrying this rule forward.
     60   allow perfprofd self:global_capability_class_set sys_admin;
     61 
     62   # simpleperf needs to examine /proc to collect task/thread info
          # domain is the attribute attached to process types (perfprofd itself is
          # declared with it), so this reads the /proc entries of all of them.
     63   r_dir_file(perfprofd, domain)
     64 
     65   # simpleperf needs to access /proc/<pid>/exec
          # NOTE(review): presumably /proc/<pid>/exe is meant; confirm.
          # sys_ptrace is a capability held by the process itself. The neverallow is
          # a build-time assertion that no rule grants perfprofd the ptrace
          # permission on any domain, so the capability is limited to /proc access
          # and cannot become an actual attach to another process.
     66   allow perfprofd self:global_capability_class_set { sys_resource sys_ptrace };
     67   neverallow perfprofd domain:process ptrace;
     68 
     69   # simpleperf needs open/read any file that turns up in a profile
     70   # to see whether it has a build ID
          # exec_type is an attribute, so this is read access to every executable
          # type in the policy; r_file_perms is used, so execute is not included.
     71   allow perfprofd exec_type:file r_file_perms;
     72   # App & ART artifacts.
     73   r_dir_file(perfprofd, apk_data_file)
     74   r_dir_file(perfprofd, dalvikcache_data_file)
     75   # Vendor libraries.
     76   r_dir_file(perfprofd, vendor_file)
     77   # Vendor apps.
     78   r_dir_file(perfprofd, vendor_app_file)
     79 
     80   # simpleperf will set security.perf_harden to enable access to perf_event_open()
          # set_prop is granted on the whole shell_prop type, not on that single
          # property, so any other property with the same label is settable too.
     81   set_prop(perfprofd, shell_prop)
     82 
     83   # simpleperf examines debugfs on startup to collect tracepoint event types
     84   r_dir_file(perfprofd, debugfs_tracing)
     85   r_dir_file(perfprofd, debugfs_tracing_debug)
     86 
     87   # simpleperf is going to execute "sleep"
     88   allow perfprofd toolbox_exec:file rx_file_perms;
     89   # simpleperf is going to execute "mv" on a temp file
          # rx_file_perms on shell_exec lets the daemon run the shell in its own
          # domain; no transition to another domain is defined in this file.
     90   allow perfprofd shell_exec:file rx_file_perms;
     91 
     92   # needed for simpleperf on some kernels
     93   allow perfprofd self:global_capability_class_set ipc_lock;
     94 
     95   # simpleperf attempts to put a temp file into /data/local/tmp. Do not allow,
     96   # use the fallback cwd code, do not spam the log. But ensure this is correctly
     97   # removed at some point. b/70232908.
          # These two rules only silence the denials; access to shell_data_file
          # remains denied. Anyone chasing a missing denial in the log should
          # remember that they exist.
     98   dontaudit perfprofd shell_data_file:dir *;
     99   dontaudit perfprofd shell_data_file:file *;
    100 
    101   # Allow perfprofd to publish a binder service and make binder calls.
    102   binder_use(perfprofd)
    103   add_service(perfprofd, perfprofd_service)
    104 
    105   # Use devpts for streams from cmd.
    106   #
    107   # This is normally granted to binderservicedomain, but this service
    108   # has tighter restrictions on the callers (see below), so must enable
    109   # this manually.
          # NOTE(review): the only caller-specific rules visible below are the two
          # su rules; confirm that these are the restrictions the comment refers to.
    110   allow perfprofd devpts:chr_file rw_file_perms;
    111 
    112   # Use socket & pipe supplied by su, for cmd perfprofd dump.
          # NOTE(review): the su domain is expected to exist on userdebug and eng
          # builds only, which matches the enclosing block; confirm.
    113   allow perfprofd su:unix_stream_socket { read write getattr sendto };
    114   allow perfprofd su:fifo_file r_file_perms;
    115 
    116   # Allow perfprofd to submit to dropbox.
    117   allow perfprofd dropbox_service:service_manager find;
    118   binder_call(perfprofd, system_server)
    119 ')
    120