Perfetto SELinux policies
Perfetto is a performance instrumentation and logging framework,
living in AOSP's /external/pefetto.
Perfetto introduces in the system one binary and two daemons
(the binary can specialize in either depending on the cmdline).
1) traced: unprivileged daemon. This is architecturally similar to logd.
It exposes two UNIX sockets:
- /dev/socket/traced_producer : world-accessible, allows to stream
tracing data. A tmpfs file descriptor is sent via SCM_RIGHTS
from traced to each client process, which needs to be able to
mmap it R/W (but not X)
- /dev/socket/traced_consumer : privilege-accessible (only from:
shell, statsd). It allows to configure tracing and read the trace
buffer.
2) traced_probes: privileged daemon. This needs to:
- access tracingfs (/d/tracing) to turn tracing on and off.
- exec atrace
- connect to traced_producer to stream data to traced.
init.rc file:
https://android-review.googlesource.com/c/platform/external/perfetto/+/575382/14/perfetto.rc
Bug: 70942310
Change-Id: Ia3b5fdacbd5a8e6e23b82f1d6fabfa07e4abc405
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index f96cae0..e76407b 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -105,3 +105,9 @@
allow untrusted_app_all vendor_app_file:dir { open getattr read search };
allow untrusted_app_all vendor_app_file:file { open getattr read execute };
allow untrusted_app_all vendor_app_file:lnk_file { open getattr read };
+
+# Write app-specific trace data to the Perfetto traced damon. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+allow untrusted_app_all traced:fd use;
+allow untrusted_app_all traced_tmpfs:file { read write getattr map };
+unix_socket_connect(untrusted_app_all, traced_producer, traced)