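# Domain used when running /system/bin/simpleperf to profile a specific app.
# Entered either by the app itself exec-ing the binary, or through
# simpleperf_app_runner (with shell as its origin). Certain other domains
# (runas_app, shell) can also exec this binary without a domain transition.
#
# NOTE(review): the simpleperf type is only given an attribute here; its
# declaration, and the rules for the simpleperf_app_runner / runas_app / shell
# entry paths mentioned above, are not in this file. Read them together with
# this file when auditing the domain.
typeattribute simpleperf coredomain;
# File type for the simpleperf binary, tagged as a system file and as an executable.
type simpleperf_exec, system_file_type, exec_type, file_type;
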
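# Define apps that can be marked debuggable/profileable and be profiled by simpleperf.
#
# This set is the subject or target of the domain transition, ptrace, /proc read and
# signal rules in this file, so adding a domain here widens all of them at once.
# NOTE(review): these are type-level rules; nothing in this file checks the
# debuggable/profileable flag itself, so that gate presumably lives outside this
# policy file. Confirm where it is enforced.
define(`simpleperf_profileable_apps', `{
  ephemeral_app
  isolated_app
  platform_app
  priv_app
  untrusted_app_all
}')

# A process in one of the domains above that executes a simpleperf_exec file
# transitions into the simpleperf domain.
domain_auto_trans(simpleperf_profileable_apps, simpleperf_exec, simpleperf)
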
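# When running in this domain, simpleperf is scoped to profiling an individual
# app. The necessary MAC permissions for profiling are more maintainable and
# consistent if simpleperf is marked as an app domain as well (as, for example,
# it will then see the same set of system libraries as the app).
#
# NOTE(review): app_domain() is defined outside this file. Everything it grants
# to app domains is also granted to simpleperf, so the effective permission set
# of this domain is larger than the allow rules listed below.
app_domain(simpleperf)
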
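# Allow ptrace attach to the target app, for reading JIT debug info (using
# process_vm_readv) during unwinding and symbolization.
#
# The rule is type-wide: it covers every process in simpleperf_profileable_apps,
# not only the one being profiled. Narrowing access to the single target app
# therefore depends on checks outside SELinux type enforcement (presumably the
# kernel's uid-based ptrace checks; confirm).
allow simpleperf simpleperf_profileable_apps:process ptrace;
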
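# Allow using perf_event_open syscall for profiling the target app.
#
# Grants open, read, write and kernel on the perf_event class. The remaining
# permissions of that class (cpu, tracepoint) are not granted, and the neverallow
# on simpleperf self:perf_event at the end of this file keeps it that way.
allow simpleperf self:perf_event { open read write kernel };
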
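# Allow /proc/<pid> access for the target app (for example, when trying to
# discover it by cmdline).
#
# Read-only (r_dir_file), and type-wide: it applies to the /proc/<pid> entries of
# every process in simpleperf_profileable_apps.
r_dir_file(simpleperf, simpleperf_profileable_apps)
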
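# Allow apps signalling simpleperf domain, which is the domain that the simpleperf
# profiler runs as when executed by the app. The signals are used to control
# the profiler (which would be profiling the app that is sending the signal).
#
# This rule grants only the signal permission; sigkill and sigstop are separate
# permissions of the process class and are not granted here.
allow simpleperf_profileable_apps simpleperf:process signal;
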
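# Suppress denial logspam when simpleperf is trying to find a matching process
# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within
# the same domain as their respective processes, most of which this domain is
# not allowed to see.
#
# dontaudit only silences the audit record: the search is still denied. The
# trade-off is that dir search denials for simpleperf no longer show up in the
# audit log, so they cannot be used as a detection signal for this domain.
dontaudit simpleperf domain:dir search;
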
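# Allow simpleperf to read apk files and libraries executed by the app.
#
# All rules in this group are read-only. The data-file types are shared by all apps
# of that kind, so these rules do not by themselves limit simpleperf to the
# profiled app's files (presumably DAC and MLS categories do; confirm).
r_dir_file(simpleperf, privapp_data_file);
r_dir_file(simpleperf, app_data_file);
# Narrower than r_file_perms: only getattr and read, no open.
allow simpleperf { apk_tmp_file apk_private_tmp_file }:file { getattr read };
allow simpleperf system_linker_exec:file r_file_perms;
allow simpleperf app_exec_data_file:file r_file_perms;
allow simpleperf asec_public_file:file r_file_perms;
r_dir_file(simpleperf, vendor_app_file);
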
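# Allow simpleperf to read input files passed from adb shell.
#
# Read-only: no write or create permission on shell_data_file is granted here.
# The content of these files is controlled by the shell user, so simpleperf
# should treat it as untrusted input.
allow simpleperf shell_data_file:file r_file_perms;
allow simpleperf shell_data_file:dir r_dir_perms;
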
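# Neverallows:
#
# These are build-time assertions: the policy fails to compile if any allow rule,
# in this file or elsewhere, grants what they forbid.

# Profiling must be confined to the scope of an individual app.
# ~{ ... } is the complement set, so every perf_event permission other than the
# four listed is forbidden for simpleperf on itself.
neverallow simpleperf self:perf_event ~{ open read write kernel };
# Never allow other processes to ptrace simpleperf, as this could leak sensitive information from
# raw samples.
# crash_dump and llkd are the only domains exempted from this assertion.
neverallow { domain -crash_dump -llkd } simpleperf:process ptrace;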