1# Performance profiler, backed by perf_event_open(2). 2# See go/perfetto-perf-android. 3typeattribute traced_perf coredomain; 4typeattribute traced_perf mlstrustedsubject; 5 6type traced_perf_exec, system_file_type, exec_type, file_type; 7 8init_daemon_domain(traced_perf) 9perfetto_producer(traced_perf) 10 11# Allow traced_perf full use of perf_event_open(2). It will perform cpu-wide 12# profiling, but retain samples only for profileable processes. 13# Thread-specific profiling is still disallowed due to a PTRACE_MODE_ATTACH 14# check (which would require a process:attach SELinux allow-rule). 15allow traced_perf self:perf_event { open cpu kernel read write tracepoint }; 16 17# Allow CAP_KILL for delivery of dedicated signal to obtain proc-fds from a 18# process. Allow CAP_DAC_READ_SEARCH for stack unwinding and symbolization of 19# sampled stacks, which requires opening the backing libraries/executables (as 20# symbols are usually not mapped into the process space). Not all such files 21# are world-readable, e.g. odex files that included user profiles during 22# profile-guided optimization. 23allow traced_perf self:capability { kill dac_read_search }; 24 25# Allow reading /system/data/packages.list. 26allow traced_perf packages_list_file:file r_file_perms; 27 28# Allow reading files for stack unwinding and symbolization. 29r_dir_file(traced_perf, nativetest_data_file) 30r_dir_file(traced_perf, system_file_type) 31r_dir_file(traced_perf, apk_data_file) 32r_dir_file(traced_perf, dalvikcache_data_file) 33r_dir_file(traced_perf, vendor_file_type) 34# ART apex files and directory access to the containing /data/misc/apexdata. 35r_dir_file(traced_perf, apex_art_data_file) 36allow traced_perf apex_module_data_file:dir { getattr search }; 37 38# For kernel address symbolisation. Allow reading from /proc/kallsyms inherited 39# from init, as well as separately opening and locking the file for 40# coordinating the use of that shared fd. 41# On debuggable builds, allow using lower_kptr_restrict_prop to temporarily 42# lift kptr_restrict systemwide. 43userdebug_or_eng(`set_prop(traced_perf, lower_kptr_restrict_prop)') 44allow traced_perf proc_kallsyms:file { open read lock }; 45 46# Allow reading tracefs files to get the format and numeric ids of tracepoints. 47allow traced_perf debugfs_tracing:dir r_dir_perms; 48allow traced_perf debugfs_tracing:file r_file_perms; 49userdebug_or_eng(` 50 allow traced_perf debugfs_tracing_debug:dir r_dir_perms; 51 allow traced_perf debugfs_tracing_debug:file r_file_perms; 52') 53 54# Do not audit the cases where traced_perf attempts to access /proc/[pid] for 55# domains that it cannot read. 56dontaudit traced_perf domain:dir { search getattr open }; 57 58# Do not audit failures to signal a process, as there are cases when this is 59# expected (native processes on debug builds use the policy for enforcing which 60# processes are profileable). 61dontaudit traced_perf domain:process signal; 62 63# Never allow access to app data files 64neverallow traced_perf app_data_file_type:file *; 65 66# Never allow profiling privileged or otherwise incompatible domains. 67# Corresponding allow-rule is in private/domain.te. 68never_profile_perf(`{ 69 apexd 70 app_zygote 71 bpfloader 72 hal_configstore_server 73 init 74 kernel 75 keystore 76 llkd 77 logd 78 ueventd 79 vendor_init 80 vold 81 webview_zygote 82 zygote 83}') 84