1# Perfetto command-line client. Can be used only from the domains that are 2# explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto). 3# This command line client accesses the privileged socket of the traced 4# daemon. 5 6type perfetto_exec, system_file_type, exec_type, file_type; 7type perfetto_tmpfs, file_type; 8 9tmpfs_domain(perfetto); 10 11# Allow to access traced's privileged consumer socket. 12unix_socket_connect(perfetto, traced_consumer, traced) 13 14# Connect to the Perfetto traced daemon as a producer. This requires 15# connecting to its producer socket and obtaining a (per-process) tmpfs fd. 16allow perfetto traced:fd use; 17allow perfetto traced_tmpfs:file { read write getattr map }; 18unix_socket_connect(perfetto, traced_producer, traced) 19 20 21# Allow to write and unlink traces into /data/misc/perfetto-traces. 22allow perfetto perfetto_traces_data_file:dir rw_dir_perms; 23allow perfetto perfetto_traces_data_file:file create_file_perms; 24 25# Allow to access binder to pass the traces to Dropbox. 26binder_use(perfetto) 27binder_call(perfetto, system_server) 28allow perfetto dropbox_service:service_manager find; 29 30# Allow perfetto to read the trace config from statsd and shell 31# (both root and non-root) on stdin and also to write the resulting trace to 32# stdout. 33allow perfetto { statsd shell su }:fd use; 34allow perfetto { statsd shell su }:fifo_file { getattr read write }; 35 36# Allow to communicate use, read and write over the adb connection. 37allow perfetto adbd:fd use; 38allow perfetto adbd:unix_stream_socket { read write }; 39 40# Allow adbd to reap perfetto 41allow perfetto adbd:process { sigchld }; 42 43# Allow to access /dev/pts when launched in an adb shell. 44allow perfetto devpts:chr_file rw_file_perms; 45 46# Allow perfetto to ask incidentd to start a report. 47# TODO(b/134706389): remove when no longer used. 48userdebug_or_eng(` 49 allow perfetto incident_service:service_manager find; 50 binder_call(perfetto, incidentd) 51'); 52 53### 54### Neverallow rules 55### 56### perfetto should NEVER do any of this 57 58# Disallow mapping executable memory (execstack and exec are already disallowed 59# globally in domain.te). 60neverallow perfetto self:process execmem; 61 62# Block device access. 63neverallow perfetto dev_type:blk_file { read write }; 64 65# ptrace any other process 66neverallow perfetto domain:process ptrace; 67 68# Disallows access to other /data files. 69neverallow perfetto { 70 data_file_type 71 -system_data_file 72 # TODO(b/72998741) Remove exemption. Further restricted in a subsequent 73 # neverallow. Currently only getattr and search are allowed. 74 -vendor_data_file 75 -zoneinfo_data_file 76 -perfetto_traces_data_file 77 with_native_coverage(`-method_trace_data_file') 78}:dir *; 79neverallow perfetto { system_data_file -perfetto_traces_data_file }:dir ~{ getattr search }; 80neverallow perfetto zoneinfo_data_file:dir ~r_dir_perms; 81neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:lnk_file *; 82neverallow perfetto { 83 data_file_type 84 -zoneinfo_data_file 85 -perfetto_traces_data_file 86 with_native_coverage(`-method_trace_data_file') 87}:file ~write; 88