Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 429ce33777ffd92d3b0538b718761a0584d5bfe8^1..429ce33777ffd92d3b0538b718761a0584d5bfe8 / .
commit429ce33777ffd92d3b0538b718761a0584d5bfe8[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Fri Feb 14 19:59:49 2020 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Fri Feb 14 19:59:49 2020 +0000
treeeb46662c4b49fa017ab25639e6bbd8a3c7644848
parentff40f150e847033dfcef5e631d34f068cc3a2bc8 [diff]
parent21f6ae6a8a3700bb1208245b09b1b0cc191f7c14 [diff]
Merge "perfetto: allow producers to supply shared memory"
diff --git a/private/traced.te b/private/traced.te
index 42c6704..7ecfb7f 100644
--- a/private/traced.te
+++ b/private/traced.te

@@ -36,6 +36,23 @@
 allow traced iorapd:fd use;
 allow traced iorapd_tmpfs:file { read write };
 
+# Allow traced to use shared memory supplied by producers. Typically, traced
+# (i.e. the tracing service) creates the shared memory used for data transfer
+# from the producer. This rule allows an alternative scheme, where the producer
+# creates the shared memory, that is then adopted by traced (after validating
+# that it is appropriately sealed).
+# This list has to replicate the tmpfs domains of all applicable domains that
+# have perfetto_producer() macro applied to them.
+# perfetto_tmpfs excluded as it should never need to use the producer-supplied
+# shared memory scheme.
+allow traced  {
+  appdomain_tmpfs
+  heapprofd_tmpfs
+  surfaceflinger_tmpfs
+  traced_probes_tmpfs
+  userdebug_or_eng(`system_server_tmpfs')
+}:file { getattr map read write };
+
 # Allow traced to notify Traceur when a trace ends by setting the
 # sys.trace.trace_end_signal property.
 set_prop(traced, system_trace_prop)

diff --git a/private/traced_probes.te b/private/traced_probes.te
index 28538da..dd6ece0 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te

@@ -1,8 +1,10 @@
 # Perfetto tracing probes, has tracefs access.
 type traced_probes_exec, system_file_type, exec_type, file_type;
+type traced_probes_tmpfs, file_type;
 
 # Allow init to exec the daemon.
 init_daemon_domain(traced_probes)
+tmpfs_domain(traced_probes)
 
 # Write trace data to the Perfetto traced damon. This requires connecting to its
 # producer socket and obtaining a (per-process) tmpfs fd.

diff --git a/public/te_macros b/public/te_macros
index 430f172..89061a0 100644
--- a/public/te_macros
+++ b/public/te_macros

@@ -748,6 +748,9 @@
 ###################################
 # perfetto_producer(domain)
 # Allow processes within the domain to write data to Perfetto.
+# When applying this macro, you might need to also allow traced to use the
+# producer tmpfs domain, if the producer will be the one creating the shared
+# memory.
 define(`perfetto_producer', `
   allow $1 traced:fd use;
   allow $1 traced_tmpfs:file { read write getattr map };