Ryan Savitski | ffa0dd9 | 2020-01-10 19:02:43 +0000 | [diff] [blame] | 1 | # Domain used when running /system/bin/simpleperf to profile a specific app. |
| 2 | # Entered either by the app itself exec-ing the binary, or through |
| 3 | # simpleperf_app_runner (with shell as its origin). Certain other domains |
| 4 | # (runas_app, shell) can also exec this binary without a domain transition; in that case it keeps the domain of the caller and the rules written for the simpleperf domain do not apply to it. |
| 5 | typeattribute simpleperf coredomain; |
| 6 | type simpleperf_exec, system_file_type, exec_type, file_type; |
| 7 | |
Yabin Cui | 3696a20 | 2021-10-27 11:05:01 -0700 | [diff] [blame] | 8 | # Define apps that can be marked debuggable/profileable and be profiled by simpleperf. This set is the source of the domain transition and of the signal rule, and the target of the ptrace and /proc read rules in this file, so adding a domain here widens all four at once. |
| 9 | define(`simpleperf_profileable_apps', `{ |
| 10 | ephemeral_app |
| 11 | isolated_app |
| 12 | platform_app |
| 13 | priv_app |
| 14 | untrusted_app_all |
| 15 | }') |
| 16 | |
Yabin Cui | 4ff0611 | 2025-01-27 15:01:28 -0800 | [diff] [blame] | 17 | domain_auto_trans(simpleperf_profileable_apps, simpleperf_exec, simpleperf) # Automatic transition: a domain in simpleperf_profileable_apps that executes a simpleperf_exec file continues in the simpleperf domain. |
Ryan Savitski | ffa0dd9 | 2020-01-10 19:02:43 +0000 | [diff] [blame] | 18 | |
| 19 | # When running in this domain, simpleperf is scoped to profiling an individual |
| 20 | # app. The necessary MAC permissions for profiling are more maintainable and |
| 21 | # consistent if simpleperf is marked as an app domain as well (as, for example, |
| 22 | # it will then see the same set of system libraries as the app). The flip side is that rules granted to all app domains also apply to simpleperf, so review changes to those rules with this domain in mind. |
| 23 | app_domain(simpleperf) |
Ryan Savitski | ffa0dd9 | 2020-01-10 19:02:43 +0000 | [diff] [blame] | 24 | |
| 25 | # Allow ptrace attach to the target app, for reading JIT debug info (using |
| 26 | # process_vm_readv) during unwinding and symbolization. This rule covers every domain in simpleperf_profileable_apps; narrowing it to the one app being profiled is not expressed here (presumably left to the kernel UID checks - TODO confirm). |
Yabin Cui | 3696a20 | 2021-10-27 11:05:01 -0700 | [diff] [blame] | 27 | allow simpleperf simpleperf_profileable_apps:process ptrace; |
Ryan Savitski | ffa0dd9 | 2020-01-10 19:02:43 +0000 | [diff] [blame] | 28 | |
| 29 | # Allow using perf_event_open syscall for profiling the target app. The kernel permission allows kernel-mode samples to be collected; the cpu (system-wide) and tracepoint permissions are deliberately left out and are forbidden by the neverallow at the end of this file. |
| 30 | allow simpleperf self:perf_event { open read write kernel }; |
| 31 | |
| 32 | # Allow /proc/<pid> access for the target app (for example, when trying to |
| 33 | # discover it by cmdline). The access is read-only and applies to the /proc entries of every domain in simpleperf_profileable_apps, not only the profiled app. |
Yabin Cui | 3696a20 | 2021-10-27 11:05:01 -0700 | [diff] [blame] | 34 | r_dir_file(simpleperf, simpleperf_profileable_apps) |
| 35 | |
| 36 | # Allow apps to signal the simpleperf domain, which is the domain that the simpleperf |
| 37 | # profiler runs as when executed by the app. The signals are used to control |
| 38 | # the profiler (which would be profiling the app that is sending the signal). Only the generic signal permission is granted by this rule; sigkill and sigstop are separate permissions and are not part of it. |
| 39 | allow simpleperf_profileable_apps simpleperf:process signal; |
Ryan Savitski | ffa0dd9 | 2020-01-10 19:02:43 +0000 | [diff] [blame] | 40 | |
| 41 | # Suppress denial logspam when simpleperf is trying to find a matching process |
| 42 | # by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within |
| 43 | # the same domain as their respective processes, most of which this domain is |
| 44 | # not allowed to see. The access is still denied; only the audit record is dropped, so these dir search denials will not show up in logs when debugging or monitoring this domain. |
| 45 | dontaudit simpleperf domain:dir search; |
| 46 | |
Yabin Cui | 9033a2e | 2025-01-28 15:09:51 -0800 | [diff] [blame] | 47 | # Allow simpleperf to read apk files and libraries executed by the app. All rules in this group are read-only. NOTE(review): app_data_file and privapp_data_file label the data of many apps, so these rules by themselves are not per-app; presumably DAC and MLS categories provide that separation - confirm. |
| 48 | r_dir_file(simpleperf, privapp_data_file); |
| 49 | r_dir_file(simpleperf, app_data_file); |
| 50 | allow simpleperf { apk_tmp_file apk_private_tmp_file }:file { getattr read }; |
| 51 | allow simpleperf system_linker_exec:file r_file_perms; |
| 52 | allow simpleperf app_exec_data_file:file r_file_perms; |
| 53 | allow simpleperf asec_public_file:file r_file_perms; |
| 54 | r_dir_file(simpleperf, vendor_app_file); |
| 55 | |
| 56 | # Allow simpleperf to read input files passed from adb shell. Read-only: files and directories labeled shell_data_file can be read and listed, not written. |
| 57 | allow simpleperf shell_data_file:file r_file_perms; |
| 58 | allow simpleperf shell_data_file:dir r_dir_perms; |
| 59 | |
Ryan Savitski | ffa0dd9 | 2020-01-10 19:02:43 +0000 | [diff] [blame] | 60 | # Neverallows: |
| 61 | |
| 62 | # Profiling must be confined to the scope of an individual app. The complement set below forbids every perf_event permission other than the four granted earlier in this file, which rules out cpu (system-wide) and tracepoint events. |
| 63 | neverallow simpleperf self:perf_event ~{ open read write kernel }; |
Yabin Cui | 9033a2e | 2025-01-28 15:09:51 -0800 | [diff] [blame] | 64 | # Never allow other processes to ptrace simpleperf, as this could leak sensitive information from |
| 65 | # raw samples. crash_dump and llkd are the only domains exempted from this rule. |
| 66 | neverallow { domain -crash_dump -llkd } simpleperf:process ptrace; |