sepolicy: rework perfetto producer/profiler rules for "user" builds This patch: * allows for heap and perf profiling of all processes on the system (minus undumpable and otherwise incompatible domains). For apps, the rest of the platform will still perform checks based on profileable/debuggable manifest flags. For native processes, the profilers will check that the process runs as an allowlisted UID. * allows for all apps (=appdomain) to act as perfetto tracing data writers (=perfetto_producer) for the ART java heap graph plugin (perfetto_hprof). * allows for system_server to act a perfetto_producer for java heap graphs. Bug: 247858731 Change-Id: I792ec1812d94b4fa9a8688ed74f2f62f6a7f33a6

commit: 941ba723baceac19151560e8a1d2830b9be6493c [log] [tgz]
author: Ryan Savitski <rsavitski@google.com> Thu Feb 02 14:24:45 2023 +0000
committer: Ryan Savitski <rsavitski@google.com> Fri Feb 03 15:05:14 2023 +0000
tree: a1e242eca01a85f352b20dd23efec841df295e51
parent: e79c506fe47d48dfe29a3aecda645eeebf73fd4f [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index 62185fc..4e5b2e8 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -421,7 +421,9 @@
 allow system_server mediadrmserver:tcp_socket rw_socket_perms;
 allow system_server mediadrmserver:udp_socket rw_socket_perms;
 
-userdebug_or_eng(`perfetto_producer({ system_server })')
+# Write trace data to the Perfetto traced daemon. This requires connecting to
+# its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(system_server)
 
 # Get file context
 allow system_server file_contexts_file:file r_file_perms;
commit	941ba723baceac19151560e8a1d2830b9be6493c	[log] [tgz]
author	Ryan Savitski <rsavitski@google.com>	Thu Feb 02 14:24:45 2023 +0000
committer	Ryan Savitski <rsavitski@google.com>	Fri Feb 03 15:05:14 2023 +0000
tree	a1e242eca01a85f352b20dd23efec841df295e51
parent	e79c506fe47d48dfe29a3aecda645eeebf73fd4f [diff] [blame]