Allow tracing service to access kallsyms on userdebug
This CL allows the traced_probes service to temporarily
lower kptr_restrict and read /proc/kallsyms.
This is allowed only on userdebug/eng builds.
The lowering of kptr_restrict is done via an init
property because the kernel checks that the kptr_restrict
writer is CAP_SYS_ADMIN, regardless of the /proc file ACLs [1].
[1] https://github.com/torvalds/linux/blob/4cbffc461ec91287c4cb1d0e27b01b988d0b8fba/kernel/sysctl.c#L2254
Bug: 136133013
Design doc: go/perfetto-kallsyms
Test: perfetto_integrationtests --gtest_filter=PerfettoTest.KernelAddressSymbolization in r.android.com/1454882
Change-Id: Ic06e7a9a74c0f3e42fa63f7f41decc385c9fea2c
diff --git a/private/property.te b/private/property.te
index 09e93e9..18d94d2 100644
--- a/private/property.te
+++ b/private/property.te
@@ -11,6 +11,7 @@
system_internal_prop(init_svc_debug_prop)
system_internal_prop(last_boot_reason_prop)
system_internal_prop(localization_prop)
+system_internal_prop(lower_kptr_restrict_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(pm_prop)
system_internal_prop(system_adbd_prop)
@@ -461,3 +462,10 @@
-hal_dumpstate_server
not_compatible_property(`-vendor_init')
} hal_dumpstate_config_prop:file no_rw_file_perms;
+
+neverallow {
+ -init
+ userdebug_or_eng(`-traced_probes')
+} {
+ lower_kptr_restrict_prop
+}:property_service set;