• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Domain used when running /system/bin/simpleperf to profile a specific app.
2# Entered either by the app itself exec-ing the binary, or through
3# simpleperf_app_runner (with shell as its origin). Certain other domains
4# (runas_app, shell) can also exec this binary without a domain transition.
5typeattribute simpleperf coredomain;
6type simpleperf_exec, system_file_type, exec_type, file_type;
7
8domain_auto_trans({ untrusted_app_all -runas_app }, simpleperf_exec, simpleperf)
9
10# When running in this domain, simpleperf is scoped to profiling an individual
11# app. The necessary MAC permissions for profiling are more maintainable and
12# consistent if simpleperf is marked as an app domain as well (as, for example,
13# it will then see the same set of system libraries as the app).
14app_domain(simpleperf)
15untrusted_app_domain(simpleperf)
16
17# Allow ptrace attach to the target app, for reading JIT debug info (using
18# process_vm_readv) during unwinding and symbolization.
19allow simpleperf untrusted_app_all:process ptrace;
20
21# Allow using perf_event_open syscall for profiling the target app.
22allow simpleperf self:perf_event { open read write kernel };
23
24# Allow /proc/<pid> access for the target app (for example, when trying to
25# discover it by cmdline).
26r_dir_file(simpleperf, untrusted_app_all)
27
28# Suppress denial logspam when simpleperf is trying to find a matching process
29# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within
30# the same domain as their respective processes, most of which this domain is
31# not allowed to see.
32dontaudit simpleperf domain:dir search;
33
34# Neverallows:
35
36# Profiling must be confined to the scope of an individual app.
37neverallow simpleperf self:perf_event ~{ open read write kernel };
38