sepolicy: rework perfetto producer/profiler rules for "user" builds This patch: * allows for heap and perf profiling of all processes on the system (minus undumpable and otherwise incompatible domains). For apps, the rest of the platform will still perform checks based on profileable/debuggable manifest flags. For native processes, the profilers will check that the process runs as an allowlisted UID. * allows for all apps (=appdomain) to act as perfetto tracing data writers (=perfetto_producer) for the ART java heap graph plugin (perfetto_hprof). * allows for system_server to act a perfetto_producer for java heap graphs. Bug: 247858731 Change-Id: I792ec1812d94b4fa9a8688ed74f2f62f6a7f33a6

commit: 941ba723baceac19151560e8a1d2830b9be6493c [log] [tgz]
author: Ryan Savitski <rsavitski@google.com> Thu Feb 02 14:24:45 2023 +0000
committer: Ryan Savitski <rsavitski@google.com> Fri Feb 03 15:05:14 2023 +0000
tree: a1e242eca01a85f352b20dd23efec841df295e51
parent: e79c506fe47d48dfe29a3aecda645eeebf73fd4f [diff] [blame]
diff --git a/private/traced_perf.te b/private/traced_perf.te
index 811bf48..080b6fe 100644
--- a/private/traced_perf.te
+++ b/private/traced_perf.te

@@ -60,9 +60,14 @@
 # Never allow access to app data files
 neverallow traced_perf { app_data_file privapp_data_file system_app_data_file }:file *;
 
-# Never allow profiling highly privileged processes.
+# Never allow profiling privileged or otherwise incompatible domains.
+# Corresponding allow-rule is in private/domain.te.
 never_profile_perf(`{
+  apexd
+  app_zygote
   bpfloader
+  diced
+  hal_configstore
   init
   kernel
   keystore
@@ -71,4 +76,6 @@
   ueventd
   vendor_init
   vold
+  webview_zygote
+  zygote
 }')
commit	941ba723baceac19151560e8a1d2830b9be6493c	[log] [tgz]
author	Ryan Savitski <rsavitski@google.com>	Thu Feb 02 14:24:45 2023 +0000
committer	Ryan Savitski <rsavitski@google.com>	Fri Feb 03 15:05:14 2023 +0000
tree	a1e242eca01a85f352b20dd23efec841df295e51
parent	e79c506fe47d48dfe29a3aecda645eeebf73fd4f [diff] [blame]