aboutsummaryrefslogtreecommitdiff
path: root/perfprofd.te
diff options
context:
space:
mode:
Diffstat (limited to 'perfprofd.te')
-rw-r--r--perfprofd.te59
1 files changed, 0 insertions, 59 deletions
diff --git a/perfprofd.te b/perfprofd.te
deleted file mode 100644
index 0122c55..0000000
--- a/perfprofd.te
+++ /dev/null
@@ -1,59 +0,0 @@
-# perfprofd - perf profile collection daemon
-type perfprofd_exec, exec_type, file_type;
-
-userdebug_or_eng(`
-
- type perfprofd, domain, domain_deprecated, mlstrustedsubject;
-
- init_daemon_domain(perfprofd)
-
- # perfprofd needs to control CPU hot-plug in order to avoid kernel
- # perfevents problems in cases where CPU goes on/off during measurement;
- # this means read access to /sys/devices/system/cpu/possible
- # and read/write access to /sys/devices/system/cpu/cpu*/online
- allow perfprofd sysfs_devices_system_cpu:file rw_file_perms;
-
- # perfprofd checks for the existence of and then invokes simpleperf;
- # simpleperf retains perfprofd domain after exec
- allow perfprofd system_file:file rx_file_perms;
-
- # perfprofd reads a config file from /data/data/com.google.android.gms/files
- allow perfprofd app_data_file:file r_file_perms;
- allow perfprofd app_data_file:dir search;
- allow perfprofd self:capability { dac_override };
-
- # perfprofd opens a file for writing in /data/misc/perfprofd
- allow perfprofd perfprofd_data_file:file create_file_perms;
- allow perfprofd perfprofd_data_file:dir rw_dir_perms;
-
- # perfprofd uses the system log
- read_logd(perfprofd);
- write_logd(perfprofd);
-
- # perfprofd inspects /sys/power/wake_unlock
- wakelock_use(perfprofd);
-
- # simpleperf uses ioctl() to turn on kernel perf events measurements
- allow perfprofd self:capability sys_admin;
-
- # simpleperf needs to examine /proc to collect task/thread info
- r_dir_file(perfprofd, domain)
-
- # simpleperf needs to access /proc/<pid>/exec
- allow perfprofd self:capability { sys_resource sys_ptrace };
- neverallow perfprofd domain:process ptrace;
-
- # simpleperf needs open/read any file that turns up in a profile
- # to see whether it has a build ID
- allow perfprofd exec_type:file r_file_perms;
-
- # simpleperf examines debugfs on startup to collect tracepoint event types
- allow perfprofd debugfs_tracing:file r_file_perms;
-
- # simpleperf is going to execute "sleep"
- allow perfprofd toolbox_exec:file rx_file_perms;
-
- # needed for simpleperf on some kernels
- allow perfprofd self:capability ipc_lock;
-
-')
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 08:13:02 +0000