1*e4a36f41SAndroid Build Coastguard Worker# Android heap profiling daemon. go/heapprofd. 2*e4a36f41SAndroid Build Coastguard Workertype heapprofd_exec, exec_type, file_type, system_file_type; 3*e4a36f41SAndroid Build Coastguard Workertype heapprofd_tmpfs, file_type; 4*e4a36f41SAndroid Build Coastguard Worker 5*e4a36f41SAndroid Build Coastguard Workerinit_daemon_domain(heapprofd) 6*e4a36f41SAndroid Build Coastguard Workertmpfs_domain(heapprofd) 7*e4a36f41SAndroid Build Coastguard Worker 8*e4a36f41SAndroid Build Coastguard Worker# Allow apps in other MLS contexts (for multi-user) to access 9*e4a36f41SAndroid Build Coastguard Worker# shared memory buffers created by heapprofd. 10*e4a36f41SAndroid Build Coastguard Workertypeattribute heapprofd_tmpfs mlstrustedobject; 11*e4a36f41SAndroid Build Coastguard Worker 12*e4a36f41SAndroid Build Coastguard Workerset_prop(heapprofd, heapprofd_prop); 13*e4a36f41SAndroid Build Coastguard Worker 14*e4a36f41SAndroid Build Coastguard Worker# Necessary for /proc/[pid]/cmdline access & sending signals. 15*e4a36f41SAndroid Build Coastguard Workertypeattribute heapprofd mlstrustedsubject; 16*e4a36f41SAndroid Build Coastguard Worker 17*e4a36f41SAndroid Build Coastguard Worker# Allow sending signals to processes. This excludes SIGKILL, SIGSTOP and 18*e4a36f41SAndroid Build Coastguard Worker# SIGCHLD, which are controlled by separate permissions. 19*e4a36f41SAndroid Build Coastguard Workerallow heapprofd self:capability kill; 20*e4a36f41SAndroid Build Coastguard Worker 21*e4a36f41SAndroid Build Coastguard Worker# When scanning /proc/[pid]/cmdline to find matching processes for by-name 22*e4a36f41SAndroid Build Coastguard Worker# profiling, only allowlisted domains will be allowed by SELinux. Avoid 23*e4a36f41SAndroid Build Coastguard Worker# spamming logs with denials for entries that we can not access. 24*e4a36f41SAndroid Build Coastguard Workerdontaudit heapprofd domain:dir { search open }; 25*e4a36f41SAndroid Build Coastguard Worker 26*e4a36f41SAndroid Build Coastguard Worker# Write trace data to the Perfetto traced daemon. This requires connecting to 27*e4a36f41SAndroid Build Coastguard Worker# its producer socket and obtaining a (per-process) tmpfs fd. 28*e4a36f41SAndroid Build Coastguard Workerperfetto_producer(heapprofd) 29*e4a36f41SAndroid Build Coastguard Worker 30*e4a36f41SAndroid Build Coastguard Worker# When handling profiling for all processes, heapprofd needs to read 31*e4a36f41SAndroid Build Coastguard Worker# executables/libraries/etc to do stack unwinding. 32*e4a36f41SAndroid Build Coastguard Workerr_dir_file(heapprofd, nativetest_data_file) 33*e4a36f41SAndroid Build Coastguard Workerr_dir_file(heapprofd, system_file_type) 34*e4a36f41SAndroid Build Coastguard Workerr_dir_file(heapprofd, apk_data_file) 35*e4a36f41SAndroid Build Coastguard Workerr_dir_file(heapprofd, dalvikcache_data_file) 36*e4a36f41SAndroid Build Coastguard Workerr_dir_file(heapprofd, vendor_file_type) 37*e4a36f41SAndroid Build Coastguard Workerr_dir_file(heapprofd, shell_test_data_file) 38*e4a36f41SAndroid Build Coastguard Worker# ART apex files and directory access to the containing /data/misc/apexdata. 39*e4a36f41SAndroid Build Coastguard Workerr_dir_file(heapprofd, apex_art_data_file) 40*e4a36f41SAndroid Build Coastguard Workerallow heapprofd apex_module_data_file:dir { getattr search }; 41*e4a36f41SAndroid Build Coastguard Worker 42*e4a36f41SAndroid Build Coastguard Worker# Some dex files are not world-readable. 43*e4a36f41SAndroid Build Coastguard Worker# We are still constrained by the SELinux rules above. 44*e4a36f41SAndroid Build Coastguard Workerallow heapprofd self:global_capability_class_set dac_read_search; 45*e4a36f41SAndroid Build Coastguard Worker 46*e4a36f41SAndroid Build Coastguard Worker# For checking profileability. 47*e4a36f41SAndroid Build Coastguard Workerallow heapprofd packages_list_file:file r_file_perms; 48*e4a36f41SAndroid Build Coastguard Worker 49*e4a36f41SAndroid Build Coastguard Worker# Never allow profiling privileged or otherwise incompatible domains. 50*e4a36f41SAndroid Build Coastguard Worker# Corresponding allow-rule is in private/domain.te. 51*e4a36f41SAndroid Build Coastguard Workernever_profile_heap(`{ 52*e4a36f41SAndroid Build Coastguard Worker apexd 53*e4a36f41SAndroid Build Coastguard Worker app_zygote 54*e4a36f41SAndroid Build Coastguard Worker bpfloader 55*e4a36f41SAndroid Build Coastguard Worker hal_configstore_server 56*e4a36f41SAndroid Build Coastguard Worker init 57*e4a36f41SAndroid Build Coastguard Worker kernel 58*e4a36f41SAndroid Build Coastguard Worker keystore 59*e4a36f41SAndroid Build Coastguard Worker llkd 60*e4a36f41SAndroid Build Coastguard Worker logd 61*e4a36f41SAndroid Build Coastguard Worker logpersist 62*e4a36f41SAndroid Build Coastguard Worker recovery 63*e4a36f41SAndroid Build Coastguard Worker recovery_persist 64*e4a36f41SAndroid Build Coastguard Worker recovery_refresh 65*e4a36f41SAndroid Build Coastguard Worker ueventd 66*e4a36f41SAndroid Build Coastguard Worker vendor_init 67*e4a36f41SAndroid Build Coastguard Worker vold 68*e4a36f41SAndroid Build Coastguard Worker webview_zygote 69*e4a36f41SAndroid Build Coastguard Worker zygote 70*e4a36f41SAndroid Build Coastguard Worker}') 71*e4a36f41SAndroid Build Coastguard Worker 72*e4a36f41SAndroid Build Coastguard Workerfull_treble_only(` 73*e4a36f41SAndroid Build Coastguard Worker neverallow heapprofd vendor_file_type:file no_w_file_perms; 74*e4a36f41SAndroid Build Coastguard Worker neverallow heapprofd { vendor_file_type -vndk_sp_file }:file no_x_file_perms; 75*e4a36f41SAndroid Build Coastguard Worker') 76