1*e4a36f41SAndroid Build Coastguard Worker# Domain for atrace process. 2*e4a36f41SAndroid Build Coastguard Worker# It is spawned either by traced_probes or by init for the boottrace service. 3*e4a36f41SAndroid Build Coastguard Worker 4*e4a36f41SAndroid Build Coastguard Workertype atrace_exec, exec_type, file_type, system_file_type; 5*e4a36f41SAndroid Build Coastguard Worker 6*e4a36f41SAndroid Build Coastguard Worker# boottrace services uses /data/misc/boottrace/categories 7*e4a36f41SAndroid Build Coastguard Workerallow atrace boottrace_data_file:dir search; 8*e4a36f41SAndroid Build Coastguard Workerallow atrace boottrace_data_file:file r_file_perms; 9*e4a36f41SAndroid Build Coastguard Worker 10*e4a36f41SAndroid Build Coastguard Worker# Allow atrace to access tracefs. 11*e4a36f41SAndroid Build Coastguard Workerallow atrace debugfs_tracing:dir r_dir_perms; 12*e4a36f41SAndroid Build Coastguard Workerallow atrace debugfs_tracing:file rw_file_perms; 13*e4a36f41SAndroid Build Coastguard Workerallow atrace debugfs_trace_marker:file getattr; 14*e4a36f41SAndroid Build Coastguard Worker 15*e4a36f41SAndroid Build Coastguard Worker# Allow atrace to write data when a pipe is used for stdout/stderr 16*e4a36f41SAndroid Build Coastguard Worker# This is used by Perfetto to capture the output on error in atrace. 17*e4a36f41SAndroid Build Coastguard Workerallow atrace traced_probes:fd use; 18*e4a36f41SAndroid Build Coastguard Workerallow atrace traced_probes:fifo_file write; 19*e4a36f41SAndroid Build Coastguard Worker 20*e4a36f41SAndroid Build Coastguard Worker# atrace sets debug.atrace.* properties 21*e4a36f41SAndroid Build Coastguard Workerset_prop(atrace, debug_prop) 22*e4a36f41SAndroid Build Coastguard Worker 23*e4a36f41SAndroid Build Coastguard Worker# atrace pokes all the binder-enabled processes at startup with a 24*e4a36f41SAndroid Build Coastguard Worker# SYSPROPS_TRANSACTION, to tell them to reload the debug.atrace.* properties. 25*e4a36f41SAndroid Build Coastguard Worker 26*e4a36f41SAndroid Build Coastguard Worker# Allow discovery of binder services. 27*e4a36f41SAndroid Build Coastguard Workerallow atrace { 28*e4a36f41SAndroid Build Coastguard Worker service_manager_type 29*e4a36f41SAndroid Build Coastguard Worker -apex_service 30*e4a36f41SAndroid Build Coastguard Worker -dnsresolver_service 31*e4a36f41SAndroid Build Coastguard Worker -dumpstate_service 32*e4a36f41SAndroid Build Coastguard Worker -incident_service 33*e4a36f41SAndroid Build Coastguard Worker -installd_service 34*e4a36f41SAndroid Build Coastguard Worker -iorapd_service 35*e4a36f41SAndroid Build Coastguard Worker -lpdump_service 36*e4a36f41SAndroid Build Coastguard Worker -netd_service 37*e4a36f41SAndroid Build Coastguard Worker -stats_service 38*e4a36f41SAndroid Build Coastguard Worker -tracingproxy_service 39*e4a36f41SAndroid Build Coastguard Worker -vold_service 40*e4a36f41SAndroid Build Coastguard Worker -default_android_service 41*e4a36f41SAndroid Build Coastguard Worker}:service_manager { find }; 42*e4a36f41SAndroid Build Coastguard Workerallow atrace servicemanager:service_manager list; 43*e4a36f41SAndroid Build Coastguard Worker 44*e4a36f41SAndroid Build Coastguard Worker# Allow notifying the processes hosting specific binder services that 45*e4a36f41SAndroid Build Coastguard Worker# trace-related system properties have changed. 46*e4a36f41SAndroid Build Coastguard Workerbinder_use(atrace) 47*e4a36f41SAndroid Build Coastguard Workerallow atrace healthd:binder call; 48*e4a36f41SAndroid Build Coastguard Workerallow atrace surfaceflinger:binder call; 49*e4a36f41SAndroid Build Coastguard Workerallow atrace system_server:binder call; 50*e4a36f41SAndroid Build Coastguard Workerallow atrace cameraserver:binder call; 51*e4a36f41SAndroid Build Coastguard Worker 52*e4a36f41SAndroid Build Coastguard Worker# Similarly, on debug builds, allow specific HALs to be notified that 53*e4a36f41SAndroid Build Coastguard Worker# trace-related system properties have changed. 54*e4a36f41SAndroid Build Coastguard Workeruserdebug_or_eng(` 55*e4a36f41SAndroid Build Coastguard Worker # List HAL interfaces. 56*e4a36f41SAndroid Build Coastguard Worker allow atrace hwservicemanager:hwservice_manager list; 57*e4a36f41SAndroid Build Coastguard Worker # Notify the camera HAL. 58*e4a36f41SAndroid Build Coastguard Worker hal_client_domain(atrace, hal_camera) 59*e4a36f41SAndroid Build Coastguard Worker hal_client_domain(atrace, hal_vibrator) 60*e4a36f41SAndroid Build Coastguard Worker') 61*e4a36f41SAndroid Build Coastguard Worker 62*e4a36f41SAndroid Build Coastguard Worker# Remove logspam from notification attempts to non-allowlisted services. 63*e4a36f41SAndroid Build Coastguard Workerdontaudit atrace hwservice_manager_type:hwservice_manager find; 64*e4a36f41SAndroid Build Coastguard Workerdontaudit atrace service_manager_type:service_manager find; 65*e4a36f41SAndroid Build Coastguard Workerdontaudit atrace domain:binder call; 66*e4a36f41SAndroid Build Coastguard Worker 67*e4a36f41SAndroid Build Coastguard Worker# atrace can call atrace HAL 68*e4a36f41SAndroid Build Coastguard Workerhal_client_domain(atrace, hal_atrace) 69*e4a36f41SAndroid Build Coastguard Worker 70*e4a36f41SAndroid Build Coastguard Workerget_prop(atrace, hwservicemanager_prop) 71*e4a36f41SAndroid Build Coastguard Worker 72*e4a36f41SAndroid Build Coastguard Workeruserdebug_or_eng(` 73*e4a36f41SAndroid Build Coastguard Worker # atrace is generally invoked as a standalone binary from shell or perf 74*e4a36f41SAndroid Build Coastguard Worker # daemons like Perfetto traced_probes. However, in userdebug builds, there is 75*e4a36f41SAndroid Build Coastguard Worker # a further option to run atrace as an init daemon for boot tracing. 76*e4a36f41SAndroid Build Coastguard Worker init_daemon_domain(atrace) 77*e4a36f41SAndroid Build Coastguard Worker 78*e4a36f41SAndroid Build Coastguard Worker allow atrace debugfs_tracing_debug:dir r_dir_perms; 79*e4a36f41SAndroid Build Coastguard Worker allow atrace debugfs_tracing_debug:file rw_file_perms; 80*e4a36f41SAndroid Build Coastguard Worker') 81