Revert "allow simpleperf to profile more app types."
This reverts commit 26de4c4ecc1fa0229052b6c3a255ef0ae7c85bdd.
Reason for revert: security concern
Bug: 199086135
Test: none
Change-Id: I0f3aa7f099121f350e487db4ef0135aa045911cb
diff --git a/private/simpleperf.te b/private/simpleperf.te
index 9c70060..0639c11 100644
--- a/private/simpleperf.te
+++ b/private/simpleperf.te
@@ -5,16 +5,7 @@
typeattribute simpleperf coredomain;
type simpleperf_exec, system_file_type, exec_type, file_type;
-# Define apps that can be marked debuggable/profileable and be profiled by simpleperf.
-define(`simpleperf_profileable_apps', `{
- ephemeral_app
- isolated_app
- platform_app
- priv_app
- untrusted_app_all
-}')
-
-domain_auto_trans({ simpleperf_profileable_apps -runas_app }, simpleperf_exec, simpleperf)
+domain_auto_trans({ untrusted_app_all -runas_app }, simpleperf_exec, simpleperf)
# When running in this domain, simpleperf is scoped to profiling an individual
# app. The necessary MAC permissions for profiling are more maintainable and
@@ -25,19 +16,14 @@
# Allow ptrace attach to the target app, for reading JIT debug info (using
# process_vm_readv) during unwinding and symbolization.
-allow simpleperf simpleperf_profileable_apps:process ptrace;
+allow simpleperf untrusted_app_all:process ptrace;
# Allow using perf_event_open syscall for profiling the target app.
allow simpleperf self:perf_event { open read write kernel };
# Allow /proc/<pid> access for the target app (for example, when trying to
# discover it by cmdline).
-r_dir_file(simpleperf, simpleperf_profileable_apps)
-
-# Allow apps signalling simpleperf domain, which is the domain that the simpleperf
-# profiler runs as when executed by the app. The signals are used to control
-# the profiler (which would be profiling the app that is sending the signal).
-allow simpleperf_profileable_apps simpleperf:process signal;
+r_dir_file(simpleperf, untrusted_app_all)
# Suppress denial logspam when simpleperf is trying to find a matching process
# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within
diff --git a/private/simpleperf_app_runner.te b/private/simpleperf_app_runner.te
index 184a80a..17fd8cd 100644
--- a/private/simpleperf_app_runner.te
+++ b/private/simpleperf_app_runner.te
@@ -21,7 +21,7 @@
# simpleperf_app_runner switches to the app security context.
selinux_check_context(simpleperf_app_runner) # validate context
allow simpleperf_app_runner self:process setcurrent;
-allow simpleperf_app_runner { ephemeral_app isolated_app platform_app priv_app untrusted_app_all }:process dyntransition; # setcon
+allow simpleperf_app_runner untrusted_app_all:process dyntransition; # setcon
# simpleperf_app_runner/libselinux needs access to seapp_contexts_file to
# determine which domain to transition to.
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index b4561fa..773cd2e 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -171,6 +171,11 @@
allow untrusted_app_all self:lockdown integrity;
')
+# Allow signalling simpleperf domain, which is the domain that the simpleperf
+# profiler runs as when executed by the app. The signals are used to control
+# the profiler (which would be profiling the app that is sending the signal).
+allow untrusted_app_all simpleperf:process signal;
+
# Allow running a VM for test/demo purposes
userdebug_or_eng(`
virtualizationservice_use(untrusted_app_all)