Accueil Explorer Aide
S'inscrire Connexion
drachfly
/
android10
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Branche: master
Branches Tags
android10
/
system
/
sepolicy
/
private
/
atrace.te

atrace.te 2.6 KB
Lien permanent Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. # Domain for atrace process.
    2. 

  2. # It is spawned either by traced_probes or by init for the boottrace service.
    3. 

  3. 

  4. type atrace, domain, coredomain;
    5. 

  5. type atrace_exec, exec_type, file_type, system_file_type;
    6. 

  6. 

  7. # boottrace services uses /data/misc/boottrace/categories
    8. 

  8. allow atrace boottrace_data_file:dir search;
    9. 

  9. allow atrace boottrace_data_file:file r_file_perms;
    10. 

  10. 

  11. # Allow atrace to access tracefs.
    12. 

  12. allow atrace debugfs_tracing:dir r_dir_perms;
    13. 

  13. allow atrace debugfs_tracing:file rw_file_perms;
    14. 

  14. allow atrace debugfs_trace_marker:file getattr;
    15. 

  15. 

  16. # Allow atrace to write data when a pipe is used for stdout/stderr
    17. 

  17. # This is used by Perfetto to capture the output on error in atrace.
    18. 

  18. allow atrace traced_probes:fd use;
    19. 

  19. allow atrace traced_probes:fifo_file write;
    20. 

  20. 

  21. # atrace sets debug.atrace.* properties
    22. 

  22. set_prop(atrace, debug_prop)
    23. 

  23. 

  24. # atrace pokes all the binder-enabled processes at startup with a
    25. 

  25. # SYSPROPS_TRANSACTION, to tell them to reload the debug.atrace.* properties.
    26. 

  26. 

  27. # Allow discovery of binder services.
    28. 

  28. allow atrace {
    29. 

  29.   service_manager_type
    30. 

  30.   -apex_service
    31. 

  31.   -incident_service
    32. 

  32.   -iorapd_service
    33. 

  33.   -netd_service
    34. 

  34.   -dnsresolver_service
    35. 

  35.   -stats_service
    36. 

  36.   -dumpstate_service
    37. 

  37.   -installd_service
    38. 

  38.   -vold_service
    39. 

  39.   -lpdump_service
    40. 

  40. }:service_manager { find };
    41. 

  41. allow atrace servicemanager:service_manager list;
    42. 

  42. 

  43. # Allow notifying the processes hosting specific binder services that
    44. 

  44. # trace-related system properties have changed.
    45. 

  45. binder_use(atrace)
    46. 

  46. allow atrace healthd:binder call;
    47. 

  47. allow atrace surfaceflinger:binder call;
    48. 

  48. allow atrace system_server:binder call;
    49. 

  49. allow atrace cameraserver:binder call;
    50. 

  50. 

  51. # Similarly, on debug builds, allow specific HALs to be notified that
    52. 

  52. # trace-related system properties have changed.
    53. 

  53. userdebug_or_eng(`
    54. 

  54.   # List HAL interfaces.
    55. 

  55.   allow atrace hwservicemanager:hwservice_manager list;
    56. 

  56.   # Notify the camera HAL.
    57. 

  57.   hal_client_domain(atrace, hal_camera)
    58. 

  58. ')
    59. 

  59. 

  60. # Remove logspam from notification attempts to non-whitelisted services.
    61. 

  61. dontaudit atrace hwservice_manager_type:hwservice_manager find;
    62. 

  62. dontaudit atrace service_manager_type:service_manager find;
    63. 

  63. dontaudit atrace domain:binder call;
    64. 

  64. 

  65. # atrace can call atrace HAL
    66. 

  66. hal_client_domain(atrace, hal_atrace)
    67. 

  67. 

  68. get_prop(atrace, hwservicemanager_prop)
    69. 

  69. 

  70. userdebug_or_eng(`
    71. 

  71.   # atrace is generally invoked as a standalone binary from shell or perf
    72. 

  72.   # daemons like Perfetto traced_probes. However, in userdebug builds, there is
    73. 

  73.   # a further option to run atrace as an init daemon for boot tracing.
    74. 

  74.   init_daemon_domain(atrace)
    75. 

  75. 

  76.   allow atrace debugfs_tracing_debug:dir r_dir_perms;
    77. 

  77.   allow atrace debugfs_tracing_debug:file rw_file_perms;
    78. 

  78. ')
    79.