Allow perfetto traced_probes to access tracefs on user

Allows the traced_probes daemon to access the core ftrace
functionalities on user builds. Specifically this involves:
- Whitelisting the per_cpu/ subdirectory to access:
  1) trace_pipe_raw file to allow perfetto to read the raw
     ftrace buffer (rather than the text-based /trace endpoint)
  2) cpuX/stats and cpuX/buffer_size_kb that allow tuning
     the buffer size per-cpu pipe and getting basic
     statistics about the ftrace buffer (#events, overruns)
- Whitelisting the full event directories rather than the
  /enable files. This also gives access to the /format files
  for the events that are already enabled on user builds.
  /format files simply describe the memory layout
  of the binary logs. Example: https://ghostbin.com/paste/f8m4k

This still does NOT allow enabling the events labeled as
"_debug" (mostly events that return activity on inodes).
We'll deal with that separately as soon as we get a POC
of inode resolution and a sensible blacklist/whitelist model.

Bug: 70942310
Change-Id: Ic15cca0a9d7bc0e45aa48097a94eadef44c333f8

diff --git a/private/traced_probes.te b/private/traced_probes.te
index 26e0051..3bf1471 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -12,13 +12,14 @@
unix_socket_connect(traced_probes, traced_producer, traced)
# Allow traced_probes to access tracefs.
-# TODO(primiano): For the moment this is userdebug/eng only until we get an
-# approval for user builds.
-userdebug_or_eng(`
allow traced_probes debugfs_tracing:dir r_dir_perms;
allow traced_probes debugfs_tracing:file rw_file_perms;
-allow traced_probes debugfs_tracing_debug:file rw_file_perms;
allow traced_probes debugfs_trace_marker:file getattr;
+
+# TODO(primiano): temporarily I/O tracing categories are still
+# userdebug only until we nail down the blacklist/whitelist.
+userdebug_or_eng(`
+allow traced_probes debugfs_tracing_debug:file rw_file_perms;
')
# Allow traced_probes to start with a higher scheduling class and then downgrade
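
Review bot: `allow traced_probes debugfs_tracing:file rw_file_perms;` now sits outside `userdebug_or_eng`, so user builds get read and write on every file labeled `debugfs_tracing`, and nothing in this hunk shows which tracefs paths carry that label. The commit message lists files that only need to be read (`trace_pipe_raw`, `cpuX/stats`, the `/format` files) next to ones that need writes (`buffer_size_kb`, the event controls); please either point to the labeling change that bounds this type to those paths, or consider granting `r_file_perms` where reads are enough. Two smaller points: the `# Allow traced_probes to access tracefs.` comment should now say that the rules below apply on user builds, and the new TODO speaks of "I/O tracing categories" while the guarded rule is on `debugfs_tracing_debug`; naming the label and adding the bug number in the TODO would make the remaining `userdebug_or_eng` block easier to audit later.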