xref: /aosp_15_r20/system/sepolicy/prebuilts/api/34.0/private/simpleperf.te (revision e4a36f4174b17bbab9dc043f4a65dc8d87377290) 
1# Domain used when running /system/bin/simpleperf to profile a specific app.
2# Entered either by the app itself exec-ing the binary, or through
3# simpleperf_app_runner (with shell as its origin). Certain other domains
4# (runas_app, shell) can also exec this binary without a domain transition.
5typeattribute simpleperf coredomain;
6type simpleperf_exec, system_file_type, exec_type, file_type;
7
8# Define apps that can be marked debuggable/profileable and be profiled by simpleperf.
9define(`simpleperf_profileable_apps', `{
10  ephemeral_app
11  isolated_app
12  platform_app
13  priv_app
14  untrusted_app_all
15}')
16
17domain_auto_trans({ simpleperf_profileable_apps -runas_app }, simpleperf_exec, simpleperf)
18
19# When running in this domain, simpleperf is scoped to profiling an individual
20# app. The necessary MAC permissions for profiling are more maintainable and
21# consistent if simpleperf is marked as an app domain as well (as, for example,
22# it will then see the same set of system libraries as the app).
23app_domain(simpleperf)
24untrusted_app_domain(simpleperf)
25
26# Allow ptrace attach to the target app, for reading JIT debug info (using
27# process_vm_readv) during unwinding and symbolization.
28allow simpleperf simpleperf_profileable_apps:process ptrace;
29
30# Allow using perf_event_open syscall for profiling the target app.
31allow simpleperf self:perf_event { open read write kernel };
32
33# Allow /proc/<pid> access for the target app (for example, when trying to
34# discover it by cmdline).
35r_dir_file(simpleperf, simpleperf_profileable_apps)
36
37# Allow apps signalling simpleperf domain, which is the domain that the simpleperf
38# profiler runs as when executed by the app. The signals are used to control
39# the profiler (which would be profiling the app that is sending the signal).
40allow simpleperf_profileable_apps simpleperf:process signal;
41
42# Suppress denial logspam when simpleperf is trying to find a matching process
43# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within
44# the same domain as their respective processes, most of which this domain is
45# not allowed to see.
46dontaudit simpleperf domain:dir search;
47
48# Neverallows:
49
50# Profiling must be confined to the scope of an individual app.
51neverallow simpleperf self:perf_event ~{ open read write kernel };
52