Allow tracing service to access kallsyms on userdebug
This CL allows the traced_probes service to temporarily
lower kptr_restrict and read /proc/kallsyms.
This is allowed only on userdebug/eng builds.
The lowering of kptr_restrict is done via an init
property because the kernel checks that the kptr_restrict
writer is CAP_SYS_ADMIN, regardless of the /proc file ACLs [1].
[1] https://github.com/torvalds/linux/blob/4cbffc461ec91287c4cb1d0e27b01b988d0b8fba/kernel/sysctl.c#L2254
Bug: 136133013
Design doc: go/perfetto-kallsyms
Test: perfetto_integrationtests --gtest_filter=PerfettoTest.KernelAddressSymbolization in r.android.com/1454882
Change-Id: Ic06e7a9a74c0f3e42fa63f7f41decc385c9fea2c
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 5c83c7e..4527066 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -29,6 +29,7 @@
people_service
power_debug_prop
power_stats_service
+ proc_kallsyms
profcollectd
profcollectd_data_file
profcollectd_exec
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 136da2b..1b22725 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -10,6 +10,7 @@
genfscon proc /filesystems u:object_r:proc_filesystems:s0
genfscon proc /interrupts u:object_r:proc_interrupts:s0
genfscon proc /iomem u:object_r:proc_iomem:s0
+genfscon proc /kallsyms u:object_r:proc_kallsyms:s0
genfscon proc /keys u:object_r:proc_keys:s0
genfscon proc /kmsg u:object_r:proc_kmsg:s0
genfscon proc /loadavg u:object_r:proc_loadavg:s0
diff --git a/private/property.te b/private/property.te
index 09e93e9..18d94d2 100644
--- a/private/property.te
+++ b/private/property.te
@@ -11,6 +11,7 @@
system_internal_prop(init_svc_debug_prop)
system_internal_prop(last_boot_reason_prop)
system_internal_prop(localization_prop)
+system_internal_prop(lower_kptr_restrict_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(pm_prop)
system_internal_prop(system_adbd_prop)
@@ -461,3 +462,10 @@
-hal_dumpstate_server
not_compatible_property(`-vendor_init')
} hal_dumpstate_config_prop:file no_rw_file_perms;
+
+neverallow {
+ -init
+ userdebug_or_eng(`-traced_probes')
+} {
+ lower_kptr_restrict_prop
+}:property_service set;
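Review bot: The new neverallow at the end of property.te has no comment saying why setting lower_kptr_restrict_prop is confined to init and, on userdebug/eng, traced_probes. A later editor who widens the exclusion list has nothing to tell them this property controls exposure of kernel addresses. I would put a comment above the rule such as `# Setting this property makes init lower kptr_restrict, exposing kernel addresses in /proc/kallsyms.` followed by `# Only init, and traced_probes on userdebug/eng, may set it.` The rule covers only `set` on the property; nothing visible in this diff adds a matching neverallow for readers of proc_kallsyms.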
diff --git a/private/property_contexts b/private/property_contexts
index 361db3e..ac680a4 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -44,6 +44,7 @@
log.tag u:object_r:log_tag_prop:s0
log.tag.WifiHAL u:object_r:wifi_log_prop:s0
security.perf_harden u:object_r:shell_prop:s0
+security.lower_kptr_restrict u:object_r:lower_kptr_restrict_prop:s0
service.adb.root u:object_r:shell_prop:s0
service.adb.tls.port u:object_r:adbd_prop:s0
persist.adb.wifi. u:object_r:adbd_prop:s0
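Review bot: The added `security.lower_kptr_restrict` entry has no match qualifier, so it is a prefix match and any property whose name starts with that string receives lower_kptr_restrict_prop. Since this label gates a change to kptr_restrict, pinning it to the single intended name is safer: `security.lower_kptr_restrict u:object_r:lower_kptr_restrict_prop:s0 exact bool`. The `bool` type assumes the value is a 0/1 flag, which the diff does not show. Use the type that matches what traced_probes actually writes.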
diff --git a/private/traced_probes.te b/private/traced_probes.te
index 36f9c51..f010a77 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -29,6 +29,11 @@
# Allow procfs access
r_dir_file(traced_probes, domain)
+# Allow to temporarily lift the kptr_restrict setting and build a symbolization
+# map reading /proc/kallsyms.
+userdebug_or_eng(`set_prop(traced_probes, lower_kptr_restrict_prop)')
+allow traced_probes proc_kallsyms:file r_file_perms;
+
# Allow to read packages.list file.
allow traced_probes packages_list_file:file r_file_perms;
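Review bot: The `allow traced_probes proc_kallsyms:file r_file_perms;` line sits outside `userdebug_or_eng`, so traced_probes can read /proc/kallsyms on user builds too, although the commit message says this is allowed only on userdebug/eng. Only the `set_prop` line is gated. With kptr_restrict left at its default the addresses are presumably masked on user builds, but the symbol list is still readable and the rule is broader than the stated intent. I would gate it the same way, ``userdebug_or_eng(`allow traced_probes proc_kallsyms:file r_file_perms;')``, or, if the unconditional grant is deliberate, say so in the comment above it.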