traced_perf sepolicy tweaks
* allow shell to enable/disable the daemon via a sysprop * don't audit signals, as some denials are expected * exclude zygote from the profileable set of targets on debug builds. I've not caught any crashes in practice, but believe there's a possibility that the zygote forks while holding a non-whitelisted fd due to the signal handler. Change-Id: Ib237d4edfb40b200a3bd52e6341f13c4777de3f1
parent
1ddfce5fc6
commit
008465e5ec
@ -93,6 +93,7 @@
|
|||||||
system_unsolzygote_socket
|
system_unsolzygote_socket
|
||||||
tethering_service
|
tethering_service
|
||||||
traced_perf
|
traced_perf
|
||||||
|
traced_perf_enabled_prop
|
||||||
traced_perf_socket
|
traced_perf_socket
|
||||||
timezonedetector_service
|
timezonedetector_service
|
||||||
untrusted_app_29
|
untrusted_app_29
|
||||||
|
@ -29,7 +29,8 @@ userdebug_or_eng(`can_profile_heap_userdebug_or_eng({
|
|||||||
})')
|
})')
|
||||||
|
|
||||||
# As above, allow perf profiling most processes on debug builds.
|
# As above, allow perf profiling most processes on debug builds.
|
||||||
# Do not diverge the two lists without a really good reason.
|
# zygote is excluded as system-wide profiling could end up with it
|
||||||
|
# (unexpectedly) holding an open fd across a fork.
|
||||||
userdebug_or_eng(`can_profile_perf({
|
userdebug_or_eng(`can_profile_perf({
|
||||||
domain
|
domain
|
||||||
-bpfloader
|
-bpfloader
|
||||||
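Review bot: The rewritten comment drops the instruction that the heap and perf target lists should not diverge, and with `-zygote` added in the next hunk (`@ -45,6 +46,7 @@`) they now do; keeping that guidance with zygote named as the single deliberate exception would stop the two lists drifting further, e.g. `# Do not diverge the two lists without a really good reason; zygote is the one` / `# intentional exception, as system-wide profiling could end up with it` / `# (unexpectedly) holding an open fd across a fork.`. The stated rationale (a signal handler leaving an fd open across fork) would seem to apply just as well to the other zygote-style domains (app_zygote, webview_zygote) if they are covered by `domain` here; worth confirming whether they need the same exclusion, or noting why they do not. The `can_profile_perf` invocation opens in this hunk and its closing `})')` lies in the next one.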
@ -45,6 +46,7 @@ userdebug_or_eng(`can_profile_perf({
|
|||||||
-ueventd
|
-ueventd
|
||||||
-vendor_init
|
-vendor_init
|
||||||
-vold
|
-vold
|
||||||
|
-zygote
|
||||||
})')
|
})')
|
||||||
|
|
||||||
# Path resolution access in cgroups.
|
# Path resolution access in cgroups.
|
||||||
|
@ -77,6 +77,7 @@ persist.security. u:object_r:system_prop:s0
|
|||||||
persist.traced.enable u:object_r:traced_enabled_prop:s0
|
persist.traced.enable u:object_r:traced_enabled_prop:s0
|
||||||
traced.lazy. u:object_r:traced_lazy_prop:s0
|
traced.lazy. u:object_r:traced_lazy_prop:s0
|
||||||
persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0
|
persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0
|
||||||
|
persist.traced_perf.enable u:object_r:traced_perf_enabled_prop:s0
|
||||||
persist.vendor.overlay. u:object_r:overlay_prop:s0
|
persist.vendor.overlay. u:object_r:overlay_prop:s0
|
||||||
ro.boot.vendor.overlay. u:object_r:overlay_prop:s0
|
ro.boot.vendor.overlay. u:object_r:overlay_prop:s0
|
||||||
ro.boottime. u:object_r:boottime_prop:s0
|
ro.boottime. u:object_r:boottime_prop:s0
|
||||||
|
@ -36,6 +36,11 @@ r_dir_file(traced_perf, vendor_file_type)
|
|||||||
# domains that it cannot read.
|
# domains that it cannot read.
|
||||||
dontaudit traced_perf domain:dir { search getattr open };
|
dontaudit traced_perf domain:dir { search getattr open };
|
||||||
|
|
||||||
|
# Do not audit failures to signal a process, as there are cases when this is
|
||||||
|
# expected (native processes on debug builds use the policy for enforcing which
|
||||||
|
# processes are profileable).
|
||||||
|
dontaudit traced_perf domain:process signal;
|
||||||
|
|
||||||
# Never allow access to app data files
|
# Never allow access to app data files
|
||||||
neverallow traced_perf { app_data_file privapp_data_file system_app_data_file }:file *;
|
neverallow traced_perf { app_data_file privapp_data_file system_app_data_file }:file *;
|
||||||
|
|
||||||
|
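Review bot: `dontaudit traced_perf domain:process signal;` silences signal denials against every domain on every build, while the comment above it justifies the silence only for native processes on debug builds; if the expected denials really are confined to debug builds, gating the rule as `userdebug_or_eng(`dontaudit traced_perf domain:process signal;')` would keep an unexpected signal attempt on a user build visible in the audit log. If user builds also rely on policy denials to fence off non-profileable processes, the comment should say so, so the build-independent scope reads as intentional rather than accidental. The rule grants nothing by itself; the allow rules that let traced_perf signal profileable targets are presumably elsewhere in the file, outside this hunk.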
@ -22,6 +22,7 @@ system_internal_prop(pm_prop)
|
|||||||
system_internal_prop(userspace_reboot_log_prop)
|
system_internal_prop(userspace_reboot_log_prop)
|
||||||
system_internal_prop(system_adbd_prop)
|
system_internal_prop(system_adbd_prop)
|
||||||
system_internal_prop(adbd_prop)
|
system_internal_prop(adbd_prop)
|
||||||
|
system_internal_prop(traced_perf_enabled_prop)
|
||||||
|
|
||||||
compatible_property_only(`
|
compatible_property_only(`
|
||||||
# DO NOT ADD ANY PROPERTIES HERE
|
# DO NOT ADD ANY PROPERTIES HERE
|
||||||
|
@ -78,6 +78,9 @@ userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')
|
|||||||
# Allow shell to start/stop heapprofd via the persist.heapprofd.enable
|
# Allow shell to start/stop heapprofd via the persist.heapprofd.enable
|
||||||
# property.
|
# property.
|
||||||
set_prop(shell, heapprofd_enabled_prop)
|
set_prop(shell, heapprofd_enabled_prop)
|
||||||
|
# Allow shell to start/stop traced_perf via the persist.traced_perf.enable
|
||||||
|
# property.
|
||||||
|
set_prop(shell, traced_perf_enabled_prop)
|
||||||
# Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
|
# Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
|
||||||
set_prop(shell, ctl_gsid_prop)
|
set_prop(shell, ctl_gsid_prop)
|
||||||
# Allow shell to enable Dynamic System Update
|
# Allow shell to enable Dynamic System Update
|
||||||
|
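Review bot: `set_prop(shell, traced_perf_enabled_prop)` is granted on all builds, matching the heapprofd rule directly above it but unlike the logpersistd rule shown in the hunk header, which is wrapped in `userdebug_or_eng`; that is presumably intentional, but the comment could say so and state what flipping the property does on a user build, e.g. `# property (on user builds this only starts the daemon; which processes it may` / `# profile is still governed by the can_profile_perf rules).`. That the user-build target set is limited to what can_profile_perf grants is inferred from the debug-only `userdebug_or_eng(`can_profile_perf({ domain ...` grant elsewhere in this commit and should be confirmed before the comment asserts it.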