Allow tracing service to access kallsyms on userdebug This CL allows the traced_probes service to temporarily lower kptr_restrict and read /proc/kallsyms. This is allowed only on userdebug/eng builds. The lowering of kptr_restrict is done via an init property because the kernel checks that the kptr_restrict writer is CAP_SYS_ADMIN, regardless of the /proc file ACLs [1]. [1] https://github.com/torvalds/linux/blob/4cbffc461ec91287c4cb1d0e27b01b988d0b8fba/kernel/sysctl.c#L2254 Bug: 136133013 Design doc: go/perfetto-kallsyms Test: perfetto_integrationtests --gtest_filter=PerfettoTest.KernelAddressSymbolization in r.android.com/1454882 Change-Id: Ic06e7a9a74c0f3e42fa63f7f41decc385c9fea2c

commit: cd452300a78de4ca0f85770966a76cc90f6a6b4d [log] [tgz]
author: Primiano Tucci <primiano@google.com> Fri Oct 09 09:15:10 2020 +0100
committer: Primiano Tucci <primiano@google.com> Fri Oct 23 14:03:08 2020 +0100
tree: cc6bcd484eb2699a59c51d62889b3332974fd1e5
parent: c1eb80e302f3a23c9dbbea8ab1fa8a972ff8bf30 [diff] [blame]
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 136da2b..1b22725 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts

@@ -10,6 +10,7 @@
 genfscon proc /filesystems u:object_r:proc_filesystems:s0
 genfscon proc /interrupts u:object_r:proc_interrupts:s0
 genfscon proc /iomem u:object_r:proc_iomem:s0
+genfscon proc /kallsyms u:object_r:proc_kallsyms:s0
 genfscon proc /keys u:object_r:proc_keys:s0
 genfscon proc /kmsg u:object_r:proc_kmsg:s0
 genfscon proc /loadavg u:object_r:proc_loadavg:s0
commit	cd452300a78de4ca0f85770966a76cc90f6a6b4d	[log] [tgz]
author	Primiano Tucci <primiano@google.com>	Fri Oct 09 09:15:10 2020 +0100
committer	Primiano Tucci <primiano@google.com>	Fri Oct 23 14:03:08 2020 +0100
tree	cc6bcd484eb2699a59c51d62889b3332974fd1e5
parent	c1eb80e302f3a23c9dbbea8ab1fa8a972ff8bf30 [diff] [blame]