Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 2f99809c43d94309454181924e7270ef292facd0^! / . / private / traced.te
commit2f99809c43d94309454181924e7270ef292facd0[log] [tgz]
authorPrimiano Tucci <primiano@google.com>Thu Jan 07 17:12:21 2021 +0000
committerPrimiano Tucci <primiano@google.com>Tue Jan 12 14:06:24 2021 +0000
tree035fe4236435d7bd76088f743800d9a6d5a5306a
parentf5891d67aaec4a0fd959f84b95535306a2f3b97c [diff] [blame]
Allow dumpstate to snapshot traces and attach them to bug reports

Feature description: if a background trace is happening at the
time dumpstate is invoked, the tracing daemon will snapshot
the trace into a fixed path (/data/misc/perfetto-traces/bugreport/).
Dumpstate will attach the trace, if present, to the bugreport.
From a SELinux viewpoint this involves the following permissions:
- Allow dumpstate to exec+trans perfetto --save-for-bugreport
  (this will just send an IPC to traced, which will save the trace).
- Allow dumpstate to list, read and unlink the trace file.
- Create a dedicated label for bugreport traces, to prevent that
  dumpstate gets access to other traces not meant for bug reporting.

Note that this does NOT allow dumpstate to serialze arbitary traces.
Traces must be marked as "eligible for bugreport" upfront in the
trace config (which is not under dumpstate control), by
setting bugreport_score > 0.

Design doc: go/perfetto-betterbug

Bug: 170334305
Test: manual:
      1. start a perfetto trace with bugreport_score > 0
      2. adb shell dumpstate
      3. check that the bugreport zip contains the trace

Change-Id: I259c3ee9d5be08d6b22c796b32875d7de703a230

diff --git a/private/traced.te b/private/traced.te
index 2410d7e..fcbe46d 100644
--- a/private/traced.te
+++ b/private/traced.te

@@ -28,6 +28,9 @@
 # Allow the service to create new files within /data/misc/perfetto-traces.
 allow traced perfetto_traces_data_file:file create_file_perms;
 allow traced perfetto_traces_data_file:dir rw_dir_perms;
+# ... and /data/misc/perfetto-traces/bugreport*
+allow traced perfetto_traces_bugreport_data_file:file create_file_perms;
+allow traced perfetto_traces_bugreport_data_file:dir rw_dir_perms;
 
 # Allow traceur to pass open file descriptors to traced, so traced can directly
 # write into the output file without doing roundtrips over IPC.
@@ -82,6 +85,7 @@
 neverallow traced {
   data_file_type
   -perfetto_traces_data_file
+  -perfetto_traces_bugreport_data_file
   -system_data_file
   -system_data_root_file
   # TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
@@ -97,6 +101,7 @@
   data_file_type
   -zoneinfo_data_file
   -perfetto_traces_data_file
+  -perfetto_traces_bugreport_data_file
   -trace_data_file
   with_native_coverage(`-method_trace_data_file')
 }:file ~write;