Allow perfetto traced_probes to access tracefs on user
Allows the traced_probes daemon to access the core ftrace
functionalities on user builds. Specifically this involves:
- Whitelisting the per_cpu/ subdirectory to access:
1) trace_pipe_raw file to allow perfetto to read the raw
ftrace buffer (rather than the text-based /trace endpoint)
2) cpuX/stats and cpuX/buffer_size_kb that allow to
tune the buffer size per-cpu pipe and to get basic
statistics about the ftrace buffer (#events, overruns)
- Whitelistiing the full event directories rather than the
/enable files. This gives also access to the /format files
for the events that are already enabled on user builds.
/format files simply describe the memory layout
of the binary logs. Example: https://ghostbin.com/paste/f8m4k
This still does NOT allow enabling the events labeled as
"_debug" (mostly events that return activity on inodes).
We'll deal with that separately as soon as we get a POC
of inode resolution and a sensible blacklist/whitelist model.
Bug: 70942310
Change-Id: Ic15cca0a9d7bc0e45aa48097a94eadef44c333f8
diff --git a/private/domain.te b/private/domain.te
index aa35ff9..6ca859a 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -65,7 +65,7 @@
-dumpstate
-init
userdebug_or_eng(`-perfprofd')
- userdebug_or_eng(`-traced_probes')
+ -traced_probes
-shell
-traceur_app
} debugfs_tracing:file no_rw_file_perms;
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 39ffcd9..44f413f 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -128,6 +128,9 @@
genfscon tracefs /tracing_on u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/trace u:object_r:debugfs_tracing:s0
genfscon tracefs /trace u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/per_cpu/cpu u:object_r:debugfs_tracing:s0
+genfscon tracefs /per_cpu/cpu u:object_r:debugfs_tracing:s0
+
genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0
genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0
genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0
@@ -136,91 +139,91 @@
genfscon tracefs /trace_marker u:object_r:debugfs_trace_marker:s0
genfscon debugfs /wakeup_sources u:object_r:debugfs_wakeup_sources:s0
-genfscon debugfs /tracing/events/sync/enable u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/workqueue/enable u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/regulator/enable u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/pagecache/enable u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/irq/enable u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/ipi/enable u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/f2fs/f2fs_write_begin/enable u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/f2fs/f2fs_write_end/enable u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/ext4/ext4_da_write_begin/enable u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/ext4/ext4_da_write_end/enable u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/ext4/ext4_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/ext4/ext4_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/block/block_rq_issue/enable u:object_r:debugfs_tracing_debug:s0
-genfscon debugfs /tracing/events/block/block_rq_complete/enable u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/sync/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/workqueue/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/regulator/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/pagecache/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/irq/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/ipi/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/block/block_rq_issue/ u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/events/block/block_rq_complete/ u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/sync/enable u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/workqueue/enable u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/regulator/enable u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/pagecache/enable u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/irq/enable u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/ipi/enable u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/f2fs/f2fs_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/f2fs/f2fs_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/f2fs/f2fs_write_begin/enable u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/f2fs/f2fs_write_end/enable u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/ext4/ext4_da_write_begin/enable u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/ext4/ext4_da_write_end/enable u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/ext4/ext4_sync_file_enter/enable u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/ext4/ext4_sync_file_exit/enable u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/block/block_rq_issue/enable u:object_r:debugfs_tracing_debug:s0
-genfscon tracefs /events/block/block_rq_complete/enable u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/sync/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/workqueue/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/regulator/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/pagecache/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/irq/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/ipi/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/block/block_rq_issue/ u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs /events/block/block_rq_complete/ u:object_r:debugfs_tracing_debug:s0
genfscon tracefs /trace_clock u:object_r:debugfs_tracing:s0
genfscon tracefs /buffer_size_kb u:object_r:debugfs_tracing:s0
genfscon tracefs /options/overwrite u:object_r:debugfs_tracing:s0
genfscon tracefs /options/print-tgid u:object_r:debugfs_tracing:s0
genfscon tracefs /saved_cmdlines_size u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/sched/sched_switch/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/sched/sched_wakeup/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/sched/sched_blocked_reason/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/sched/sched_cpu_hotplug/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/cgroup/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/power/cpu_frequency/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/power/cpu_idle/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/power/clock_set_rate/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/power/cpu_frequency_limits/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/cpufreq_interactive/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_begin/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/vmscan/mm_vmscan_kswapd_wake/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/vmscan/mm_vmscan_kswapd_sleep/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/binder/binder_transaction/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/binder/binder_transaction_received/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/binder/binder_lock/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/binder/binder_locked/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/binder/binder_unlock/enable u:object_r:debugfs_tracing:s0
-genfscon tracefs /events/lowmemorykiller/enable u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/sched/sched_blocked_reason/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/sched/sched_cpu_hotplug/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/cgroup/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/cpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/cpu_idle/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_lock/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_locked/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_unlock/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/lowmemorykiller/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/trace_clock u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/buffer_size_kb u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/options/overwrite u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/options/print-tgid u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/saved_cmdlines_size u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/sched/sched_switch/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/sched/sched_wakeup/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/sched/sched_blocked_reason/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/sched/sched_cpu_hotplug/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/cgroup/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/power/cpu_frequency/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/power/cpu_idle/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/power/clock_set_rate/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/power/cpu_frequency_limits/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/cpufreq_interactive/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_end/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_wake/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_sleep/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/binder/binder_transaction/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/binder/binder_transaction_received/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/binder/binder_lock/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/binder/binder_locked/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/binder/binder_unlock/enable u:object_r:debugfs_tracing:s0
-genfscon debugfs /tracing/events/lowmemorykiller/enable u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sched/sched_blocked_reason/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sched/sched_cpu_hotplug/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/cgroup/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/cpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/cpu_idle/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_lock/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_locked/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_unlock/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/lowmemorykiller/ u:object_r:debugfs_tracing:s0
genfscon inotifyfs / u:object_r:inotify:s0
genfscon vfat / u:object_r:vfat:s0
diff --git a/private/traced_probes.te b/private/traced_probes.te
index 26e0051..3bf1471 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -12,13 +12,14 @@
unix_socket_connect(traced_probes, traced_producer, traced)
# Allow traced_probes to access tracefs.
-# TODO(primiano): For the moment this is userdebug/eng only until we get an
-# approval for user builds.
-userdebug_or_eng(`
allow traced_probes debugfs_tracing:dir r_dir_perms;
allow traced_probes debugfs_tracing:file rw_file_perms;
-allow traced_probes debugfs_tracing_debug:file rw_file_perms;
allow traced_probes debugfs_trace_marker:file getattr;
+
+# TODO(primiano): temporarily I/O tracing categories are still
+# userdebug only until we nail down the blacklist/whitelist.
+userdebug_or_eng(`
+allow traced_probes debugfs_tracing_debug:file rw_file_perms;
')
# Allow traced_probes to start with a higher scheduling class and then downgrade