Changes to allow trace redactor to run

Updates to allow profiling module to run new trace_redactor binary.
Allow the trace_redactor binary to read the input trace file and write
the output file.

Bug: 327423523
Test: build/flash and
      atest CtsProfilingModuleTests#testRequestSystemTraceSuccess
Change-Id: Id6684d8a9891e9ed42fe115066e41a89a7e8a097
diff --git a/private/file_contexts b/private/file_contexts
index 193c033..2b1de69 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -339,6 +339,7 @@
 /system/bin/traced        u:object_r:traced_exec:s0
 /system/bin/traced_perf        u:object_r:traced_perf_exec:s0
 /system/bin/traced_probes        u:object_r:traced_probes_exec:s0
+/system/bin/trace_redactor        u:object_r:trace_redactor_exec:s0
 /system/bin/heapprofd        u:object_r:heapprofd_exec:s0
 /system/bin/uncrypt     u:object_r:uncrypt_exec:s0
 /system/bin/update_verifier u:object_r:update_verifier_exec:s0
diff --git a/private/perfetto.te b/private/perfetto.te
index 616da39..07d4399 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -95,6 +95,7 @@
   -incidentd # For receiving reported traces. TODO(lalitm): remove this.
   -priv_app  # For stating traces for bug-report UI.
   -system_server # For accessing traces started by profiling apis.
+  -trace_redactor # For accessing traces to be redacted.
 } perfetto_traces_data_file:dir *;
 neverallow {
   domain
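Review bot: The two `-trace_redactor` exemptions in private/perfetto.te lift the guard for every permission, yet private/trace_redactor.te grants only `search` on the directory and `{ read getattr ioctl }` on files. They sit in this hunk's `perfetto_traces_data_file:dir *` neverallow and in the `perfetto_traces_data_file:file ~{ getattr read }` neverallow of the next hunk. A later allow rule giving trace_redactor write, unlink or directory-modify access to raw traces would therefore no longer fail the build. Consider pinning the domain to what it is actually granted, e.g. `neverallow trace_redactor perfetto_traces_data_file:dir ~search;` and `neverallow trace_redactor perfetto_traces_data_file:file ~{ getattr read ioctl };`, or drop `ioctl` from the allow rule if it is not needed so the file exemption can be removed. Both neverallow blocks begin or continue outside the visible hunks, so the full exception lists are not visible here.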
@@ -104,6 +105,7 @@
   -shell     # For devepment purposes.
   -traced    # For write_into_file traces.
   -incidentd      # For receiving reported traces. TODO(lalitm): remove this.
+  -trace_redactor # For redacting trace files.
 } perfetto_traces_data_file:file ~{ getattr read };
 
 ### perfetto should NEVER do any of the following
diff --git a/private/system_server.te b/private/system_server.te
index 9b3ddfd..bb84eed 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -586,9 +586,14 @@
 
 # Allow system server to manage perfetto traces for ProfilingService.
 allow system_server perfetto_traces_profiling_data_file:dir rw_dir_perms;
-allow system_server perfetto_traces_profiling_data_file:file { rw_file_perms unlink };
+allow system_server perfetto_traces_profiling_data_file:file create_file_perms;
 allow system_server perfetto_traces_data_file:dir search;
 
+# Allow system server to exec the trace redactor cmdline client and kill the process for
+# ProfilingService.
+domain_auto_trans(system_server, trace_redactor_exec, trace_redactor);
+allow system_server trace_redactor:process signal;
+
 # Allow system server to kill perfetto processes for ProfilingService.
 allow system_server perfetto:process signal;
 
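Review bot: `create_file_perms` on `perfetto_traces_profiling_data_file:file` widens system_server from `{ rw_file_perms unlink }` to also include `create`, `rename` and `setattr`, and neither the commit message nor the comment above the rule says which of these ProfilingService needs. trace_redactor gets only `search` on that directory and `rw_file_perms` on its files, so system_server presumably has to pre-create the redacted output file. If that is the only reason, `{ rw_file_perms create unlink }` would cover it without `rename`/`setattr`, and the comment should state why `create` is needed. Separately, the new comment says system_server may "kill the process", but `signal` does not cover SIGKILL (that is the separate `sigkill` permission), so the wording should match what is granted.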
@@ -1319,7 +1324,8 @@
 
 # Ensure that system_server doesn't perform any domain transitions other than
 # transitioning to the crash_dump domain when a crash occurs or fork clatd.
-neverallow system_server { domain -clatd -crash_dump -perfetto }:process transition;
+# add perfetto and trace_redactor which are exec'd from system server for ProfilingService.
+neverallow system_server { domain -clatd -crash_dump -perfetto -trace_redactor }:process transition;
 neverallow system_server *:process dyntransition;
 
 # Ensure that system_server doesn't access anything but search in perfetto_traces_data_file:dir.
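Review bot: The comment guarding the `process transition` neverallow now reads as two disconnected fragments. The original sentence still says the only exceptions are crash_dump and clatd, and the added line ("add perfetto and trace_redactor ...") reads like a changelog entry rather than a description of the rule. This neverallow limits which domains system_server may exec into, so the comment should state the complete exception list in one sentence, e.g. `# Ensure that system_server only transitions to crash_dump (on crash), clatd (fork), and perfetto / trace_redactor (exec'd for ProfilingService).`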
diff --git a/private/trace_redactor.te b/private/trace_redactor.te
new file mode 100644
index 0000000..fbca3fd
--- /dev/null
+++ b/private/trace_redactor.te
@@ -0,0 +1,13 @@
+# Trace Redactor command line
+type trace_redactor_exec, system_file_type, exec_type, file_type;
+type trace_redactor, domain, coredomain;
+
+# Use pipes provided by system_server
+allow trace_redactor system_server:fd use;
+allow trace_redactor system_server:fifo_file { read write getattr ioctl };
+
+# Allow trace_redactor to read output trace file and write to new redacted file.
+allow trace_redactor perfetto_traces_profiling_data_file:dir search;
+allow trace_redactor perfetto_traces_data_file:dir search;
+allow trace_redactor perfetto_traces_data_file:file { read getattr ioctl };
+allow trace_redactor perfetto_traces_profiling_data_file:file rw_file_perms;
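Review bot: The new trace_redactor.te has no neverallow rules stating who may enter the domain or what it must never touch. That matters because the domain is `coredomain`, is launched from system_server, and is exempted from two perfetto_traces_data_file neverallows. Assuming system_server is the only intended launcher, as the system_server.te change suggests, a rule such as `neverallow { domain -system_server } trace_redactor:process transition;` would record that and fail the build if another entry point is added later. The comment "read output trace file" is also ambiguous, since the file is perfetto's output but the redactor's input. Something like `# Read the raw perfetto trace (input) and write the redacted copy into an existing file under the profiling directory.` would also make clear that the domain has no `create` or directory write access, so another domain must create the output file.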