1 /*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #if defined(__ANDROID__)
18 #include <android-base/properties.h>
19 #include <sys/prctl.h>
20 #endif
21
22 #include "command.h"
23 #include "environment.h"
24 #include "utils.h"
25
26 using namespace simpleperf;
27
28 #if defined(__ANDROID__)
29
AndroidSecurityCheck()30 bool AndroidSecurityCheck() {
31 if (IsRoot()) {
32 return true;
33 }
34 // Simpleperf can be executed by the shell, or by apps themselves. To avoid malicious apps
35 // exploiting perf_event_open interface via simpleperf, simpleperf needs proof that the user
36 // is expecting simpleperf to be ran:
37 // 1) On Android < 11, perf_event_open is secured by perf_event_allow_path, which is controlled
38 // by security.perf_harden property. perf_event_open syscall can be used only after user setting
39 // security.perf_harden to 0 in shell. So we don't need to check security.perf_harden explicitly.
40 // 2) On Android >= 11, perf_event_open may be controlled by selinux instead of
41 // perf_event_allow_path. So we need to check security.perf_harden explicitly. If simpleperf is
42 // running via shell, we already know the origin of the request is the user, so set the property
43 // ourselves for convenience. When started by the app, we won't have the permission to set the
44 // property, so the user will need to prove this intent by setting it manually via shell.
45 // 3) On Android >= 13, besides perf_harden property, we use persist properties to allow an app
46 // profiling itself even after device reboot. User needs to set the uid of the app which wants to
47 // profile itself. And the permission has an expiration time.
48 int android_version = GetAndroidVersion();
49 if (android_version >= 13) {
50 if (IsInAppUid() && android::base::GetUintProperty("persist.simpleperf.profile_app_uid", 0u,
51 UINT_MAX) == getuid()) {
52 if (android::base::GetUintProperty<uint64_t>("persist.simpleperf.profile_app_expiration_time",
53 0, UINT64_MAX) > time(nullptr)) {
54 return true;
55 }
56 }
57 }
58 if (android_version >= 11) {
59 std::string prop_name = "security.perf_harden";
60 if (android::base::GetProperty(prop_name, "") != "0") {
61 if (!android::base::SetProperty(prop_name, "0")) {
62 fprintf(stderr,
63 "failed to set system property security.perf_harden to 0.\n"
64 "Try using `adb shell setprop security.perf_harden 0` to allow profiling.\n");
65 return false;
66 }
67 }
68 }
69 return true;
70 }
71
72 #endif
73
main(int argc,char ** argv)74 int main(int argc, char** argv) {
75 #if defined(__ANDROID__)
76 if (!AndroidSecurityCheck()) {
77 return 1;
78 }
79 if (IsInAppUid()) {
80 // Disable core dump in app context to avoid leaking raw sample info.
81 prctl(PR_SET_DUMPABLE, 0);
82 }
83 #endif
84 RegisterAllCommands();
85 return RunSimpleperfCmd(argc, argv) ? 0 : 1;
86 }
87