commit 2f99809c43d94309454181924e7270ef292facd0
author Primiano Tucci <primiano@google.com> Thu Jan 07 17:12:21 2021 +0000
committer Primiano Tucci <primiano@google.com> Tue Jan 12 14:06:24 2021 +0000
tree 035fe4236435d7bd76088f743800d9a6d5a5306a
parent f5891d67aaec4a0fd959f84b95535306a2f3b97c

Allow dumpstate to snapshot traces and attach them to bug reports

Feature description: if a background trace is happening at the
time dumpstate is invoked, the tracing daemon will snapshot
the trace into a fixed path (/data/misc/perfetto-traces/bugreport/).
Dumpstate will attach the trace, if present, to the bugreport.
From a SELinux viewpoint this involves the following permissions:
- Allow dumpstate to exec+trans perfetto --save-for-bugreport
  (this will just send an IPC to traced, which will save the trace).
- Allow dumpstate to list, read and unlink the trace file.
- Create a dedicated label for bugreport traces, to prevent that
  dumpstate gets access to other traces not meant for bug reporting.

Note that this does NOT allow dumpstate to serialze arbitary traces.
Traces must be marked as "eligible for bugreport" upfront in the
trace config (which is not under dumpstate control), by
setting bugreport_score > 0.

Design doc: go/perfetto-betterbug

Bug: 170334305
Test: manual:
      1. start a perfetto trace with bugreport_score > 0
      2. adb shell dumpstate
      3. check that the bugreport zip contains the trace

Change-Id: I259c3ee9d5be08d6b22c796b32875d7de703a230

private/dumpstate.te

diff --git a/private/dumpstate.te b/private/dumpstate.te
index 13c2c5e..2b7b228 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -1,4 +1,5 @@
 typeattribute dumpstate coredomain;
+type dumpstate_tmpfs, file_type;
 
 init_daemon_domain(dumpstate)
 
@@ -82,3 +83,19 @@
 binder_call(dumpstate, gsid)
 
 r_dir_file(dumpstate, ota_metadata_file)
+
+# For starting (and killing) perfetto --save-for-bugreport. If a labelled trace
+# is being recorded, the command above will serialize it into
+# /data/misc/perfetto-traces/bugreport/*.pftrace .
+domain_auto_trans(dumpstate, perfetto_exec, perfetto)
+allow dumpstate perfetto:process signal;
+allow dumpstate perfetto_traces_data_file:dir { search };
+allow dumpstate perfetto_traces_bugreport_data_file:dir rw_dir_perms;
+allow dumpstate perfetto_traces_bugreport_data_file:file { r_file_perms unlink };
+
+# When exec-ing /system/bin/perfetto, dumpstates redirects stdio to /dev/null
+# (which is labelled as dumpstate_tmpfs) to avoid leaking a FD to the bugreport
+# zip file. These rules are to allow perfetto.te to inherit dumpstate's
+# /dev/null.
+allow perfetto dumpstate_tmpfs:file rw_file_perms;
+allow perfetto dumpstate:fd use;