1*e4a36f41SAndroid Build Coastguard Worker# Domain used when running /system/bin/simpleperf to profile a specific app. 2*e4a36f41SAndroid Build Coastguard Worker# Entered either by the app itself exec-ing the binary, or through 3*e4a36f41SAndroid Build Coastguard Worker# simpleperf_app_runner (with shell as its origin). Certain other domains 4*e4a36f41SAndroid Build Coastguard Worker# (runas_app, shell) can also exec this binary without a domain transition. 5*e4a36f41SAndroid Build Coastguard Workertypeattribute simpleperf coredomain; 6*e4a36f41SAndroid Build Coastguard Workertype simpleperf_exec, system_file_type, exec_type, file_type; 7*e4a36f41SAndroid Build Coastguard Worker 8*e4a36f41SAndroid Build Coastguard Workerdomain_auto_trans({ untrusted_app_all -runas_app }, simpleperf_exec, simpleperf) 9*e4a36f41SAndroid Build Coastguard Worker 10*e4a36f41SAndroid Build Coastguard Worker# When running in this domain, simpleperf is scoped to profiling an individual 11*e4a36f41SAndroid Build Coastguard Worker# app. The necessary MAC permissions for profiling are more maintainable and 12*e4a36f41SAndroid Build Coastguard Worker# consistent if simpleperf is marked as an app domain as well (as, for example, 13*e4a36f41SAndroid Build Coastguard Worker# it will then see the same set of system libraries as the app). 14*e4a36f41SAndroid Build Coastguard Workerapp_domain(simpleperf) 15*e4a36f41SAndroid Build Coastguard Workeruntrusted_app_domain(simpleperf) 16*e4a36f41SAndroid Build Coastguard Worker 17*e4a36f41SAndroid Build Coastguard Worker# Allow ptrace attach to the target app, for reading JIT debug info (using 18*e4a36f41SAndroid Build Coastguard Worker# process_vm_readv) during unwinding and symbolization. 19*e4a36f41SAndroid Build Coastguard Workerallow simpleperf untrusted_app_all:process ptrace; 20*e4a36f41SAndroid Build Coastguard Worker 21*e4a36f41SAndroid Build Coastguard Worker# Allow using perf_event_open syscall for profiling the target app. 22*e4a36f41SAndroid Build Coastguard Workerallow simpleperf self:perf_event { open read write kernel }; 23*e4a36f41SAndroid Build Coastguard Worker 24*e4a36f41SAndroid Build Coastguard Worker# Allow /proc/<pid> access for the target app (for example, when trying to 25*e4a36f41SAndroid Build Coastguard Worker# discover it by cmdline). 26*e4a36f41SAndroid Build Coastguard Workerr_dir_file(simpleperf, untrusted_app_all) 27*e4a36f41SAndroid Build Coastguard Worker 28*e4a36f41SAndroid Build Coastguard Worker# Suppress denial logspam when simpleperf is trying to find a matching process 29*e4a36f41SAndroid Build Coastguard Worker# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within 30*e4a36f41SAndroid Build Coastguard Worker# the same domain as their respective processes, most of which this domain is 31*e4a36f41SAndroid Build Coastguard Worker# not allowed to see. 32*e4a36f41SAndroid Build Coastguard Workerdontaudit simpleperf domain:dir search; 33*e4a36f41SAndroid Build Coastguard Worker 34*e4a36f41SAndroid Build Coastguard Worker# Neverallows: 35*e4a36f41SAndroid Build Coastguard Worker 36*e4a36f41SAndroid Build Coastguard Worker# Profiling must be confined to the scope of an individual app. 37*e4a36f41SAndroid Build Coastguard Workerneverallow simpleperf self:perf_event ~{ open read write kernel }; 38