# perfprofd - perf profile collection daemon
#
# Declares the perfprofd domain and the type of its executable. Every allow
# rule below sits inside userdebug_or_eng(), so it is compiled into the policy
# only on userdebug and eng builds; on user builds only the two type
# declarations remain.
type perfprofd, domain;
type perfprofd_exec, exec_type, file_type;

userdebug_or_eng(`
  # The body of this macro is an m4 quoted string: keep backtick and
  # apostrophe characters out of any comment added here.

  # coredomain marks perfprofd as a core platform domain.
  typeattribute perfprofd coredomain;
  # mlstrustedsubject exempts the domain from the MLS constraints.
  # NOTE(review): presumably needed so the app_data_file reads below are not
  # blocked by per-app categories - confirm against the mls rules.
  typeattribute perfprofd mlstrustedsubject;

  # perfprofd needs to control CPU hot-plug in order to avoid kernel
  # perfevents problems in cases where CPU goes on/off during measurement;
  # this means read access to /sys/devices/system/cpu/possible
  # and read/write access to /sys/devices/system/cpu/cpu*/online
  # The grant is per type, so it covers every file labelled
  # sysfs_devices_system_cpu, not only the two paths named above.
  allow perfprofd sysfs_devices_system_cpu:file rw_file_perms;

  # perfprofd checks for the existence of and then invokes simpleperf;
  # simpleperf retains perfprofd domain after exec
  # (no domain transition is defined here, so every rule in this file is
  # also a grant to simpleperf).
  allow perfprofd system_file:file rx_file_perms;

  # perfprofd reads a config file from /data/data/com.google.android.gms/files
  # NOTE(review): app_data_file is a type, not a path; these rules allow
  # reading any file with that label that the DAC checks let through, and
  # dac_override below removes the DAC checks. Together with
  # mlstrustedsubject this is a wide read grant for one config file;
  # a dedicated type for the config file would be narrower.
  allow perfprofd app_data_file:file r_file_perms;
  allow perfprofd app_data_file:dir search;
  # dac_override: bypass file owner/mode permission checks.
  # NOTE(review): presumably required because the gms files directory is
  # not owned by the uid perfprofd runs as - confirm.
  allow perfprofd self:capability { dac_override };

  # perfprofd opens a file for writing in /data/misc/perfprofd
  allow perfprofd perfprofd_data_file:file create_file_perms;
  allow perfprofd perfprofd_data_file:dir rw_dir_perms;

  # perfprofd uses the system log
  read_logd(perfprofd);
  write_logd(perfprofd);

  # perfprofd inspects /sys/power/wake_unlock
  wakelock_use(perfprofd);

  # simpleperf uses ioctl() to turn on kernel perf events measurements
  # NOTE(review): sys_admin covers far more kernel operations than perf
  # events; SELinux cannot narrow the capability itself, so the limit on
  # what it reaches is the set of type rules in this file.
  allow perfprofd self:capability sys_admin;

  # simpleperf needs to examine /proc to collect task/thread info
  # r_dir_file on the domain attribute grants read access to the /proc/<pid>
  # directories, files and symlinks of every process domain.
  r_dir_file(perfprofd, domain)

  # simpleperf needs to access /proc/<pid>/exec
  # NOTE(review): the path is presumably /proc/<pid>/exe - confirm.
  # sys_ptrace is granted as a capability only; the neverallow that follows
  # is a compile-time assertion that no rule gives perfprofd the
  # process:ptrace permission on any domain, so the capability cannot be
  # used to attach to another process.
  allow perfprofd self:capability { sys_resource sys_ptrace };
  neverallow perfprofd domain:process ptrace;

  # simpleperf needs open/read any file that turns up in a profile
  # to see whether it has a build ID
  # exec_type is the attribute carried by executable entrypoint types, so
  # this is read access to all of them (read only, no execute).
  allow perfprofd exec_type:file r_file_perms;

  # simpleperf examines debugfs on startup to collect tracepoint event types
  allow perfprofd debugfs_tracing:file r_file_perms;

  # simpleperf is going to execute "sleep"
  # As with system_file above, no transition is defined, so the toolbox
  # binary runs in the perfprofd domain with the capabilities granted here.
  allow perfprofd toolbox_exec:file rx_file_perms;

  # needed for simpleperf on some kernels
  # NOTE(review): ipc_lock allows locking memory; presumably this is for the
  # perf event buffers - confirm.
  allow perfprofd self:capability ipc_lock;

')