• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Performance profiler, backed by perf_event_open(2).
2# See go/perfetto-perf-android.
3typeattribute traced_perf coredomain;
4typeattribute traced_perf mlstrustedsubject;
5
6type traced_perf_exec, system_file_type, exec_type, file_type;
7
8init_daemon_domain(traced_perf)
9perfetto_producer(traced_perf)
10
11# Allow traced_perf full use of perf_event_open(2). It will perform cpu-wide
12# profiling, but retain samples only for profileable processes.
13# Thread-specific profiling is still disallowed due to a PTRACE_MODE_ATTACH
14# check (which would require a process:attach SELinux allow-rule).
15allow traced_perf self:perf_event { open cpu kernel read write tracepoint };
16
17# Allow CAP_KILL for delivery of dedicated signal to obtain proc-fds from a
18# process. Allow CAP_DAC_READ_SEARCH for stack unwinding and symbolization of
19# sampled stacks, which requires opening the backing libraries/executables (as
20# symbols are usually not mapped into the process space). Not all such files
21# are world-readable, e.g. odex files that included user profiles during
22# profile-guided optimization.
23allow traced_perf self:capability { kill dac_read_search };
24
25# Allow reading /system/data/packages.list.
26allow traced_perf packages_list_file:file r_file_perms;
27
28# Allow reading files for stack unwinding and symbolization.
29r_dir_file(traced_perf, nativetest_data_file)
30r_dir_file(traced_perf, system_file_type)
31r_dir_file(traced_perf, apk_data_file)
32r_dir_file(traced_perf, dalvikcache_data_file)
33r_dir_file(traced_perf, vendor_file_type)
34
35# Do not audit the cases where traced_perf attempts to access /proc/[pid] for
36# domains that it cannot read.
37dontaudit traced_perf domain:dir { search getattr open };
38
39# Do not audit failures to signal a process, as there are cases when this is
40# expected (native processes on debug builds use the policy for enforcing which
41# processes are profileable).
42dontaudit traced_perf domain:process signal;
43
44# Never allow access to app data files
45neverallow traced_perf { app_data_file privapp_data_file system_app_data_file }:file *;
46
47# Never allow profiling highly privileged processes.
48never_profile_heap(`{
49  bpfloader
50  init
51  kernel
52  keystore
53  llkd
54  logd
55  ueventd
56  vendor_init
57  vold
58}')
59