| Ryan Savitski | ffa0dd9 | 2020-01-10 19:02:43 +0000 | [diff] [blame] | 1 | # Domain used when running /system/bin/simpleperf to profile a specific app. |
| 2 | # Entered either by the app itself exec-ing the binary, or through |
| 3 | # simpleperf_app_runner (with shell as its origin). Certain other domains |
| 4 | # (runas_app, shell) can also exec this binary without a domain transition. |
| 5 | typeattribute simpleperf coredomain; |
| 6 | type simpleperf_exec, system_file_type, exec_type, file_type; |
| 7 | |
| Yabin Cui | 3696a20 | 2021-10-27 11:05:01 -0700 | [diff] [blame] | 8 | # Define apps that can be marked debuggable/profileable and be profiled by simpleperf. |
| 9 | define(`simpleperf_profileable_apps', `{ |
| 10 | ephemeral_app |
| 11 | isolated_app |
| 12 | platform_app |
| 13 | priv_app |
| 14 | untrusted_app_all |
| 15 | }') |
| 16 | |
| 17 | domain_auto_trans({ simpleperf_profileable_apps -runas_app }, simpleperf_exec, simpleperf) |
| Ryan Savitski | ffa0dd9 | 2020-01-10 19:02:43 +0000 | [diff] [blame] | 18 | |
| 19 | # When running in this domain, simpleperf is scoped to profiling an individual |
| 20 | # app. The necessary MAC permissions for profiling are more maintainable and |
| 21 | # consistent if simpleperf is marked as an app domain as well (as, for example, |
| 22 | # it will then see the same set of system libraries as the app). |
| 23 | app_domain(simpleperf) |
| 24 | untrusted_app_domain(simpleperf) |
| 25 | |
| 26 | # Allow ptrace attach to the target app, for reading JIT debug info (using |
| 27 | # process_vm_readv) during unwinding and symbolization. |
| Yabin Cui | 3696a20 | 2021-10-27 11:05:01 -0700 | [diff] [blame] | 28 | allow simpleperf simpleperf_profileable_apps:process ptrace; |
| Ryan Savitski | ffa0dd9 | 2020-01-10 19:02:43 +0000 | [diff] [blame] | 29 | |
| 30 | # Allow using perf_event_open syscall for profiling the target app. |
| 31 | allow simpleperf self:perf_event { open read write kernel }; |
| 32 | |
| 33 | # Allow /proc/<pid> access for the target app (for example, when trying to |
| 34 | # discover it by cmdline). |
| Yabin Cui | 3696a20 | 2021-10-27 11:05:01 -0700 | [diff] [blame] | 35 | r_dir_file(simpleperf, simpleperf_profileable_apps) |
| 36 | |
| 37 | # Allow apps signalling simpleperf domain, which is the domain that the simpleperf |
| 38 | # profiler runs as when executed by the app. The signals are used to control |
| 39 | # the profiler (which would be profiling the app that is sending the signal). |
| 40 | allow simpleperf_profileable_apps simpleperf:process signal; |
| Ryan Savitski | ffa0dd9 | 2020-01-10 19:02:43 +0000 | [diff] [blame] | 41 | |
| 42 | # Suppress denial logspam when simpleperf is trying to find a matching process |
| 43 | # by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within |
| 44 | # the same domain as their respective processes, most of which this domain is |
| 45 | # not allowed to see. |
| 46 | dontaudit simpleperf domain:dir search; |
| 47 | |
| 48 | # Neverallows: |
| 49 | |
| 50 | # Profiling must be confined to the scope of an individual app. |
| 51 | neverallow simpleperf self:perf_event ~{ open read write kernel }; |