Skip to content
Snippets Groups Projects
  • Ryan Savitski's avatar
    Allow heap profiling of certain app domains on user builds · ca0690e8
    Ryan Savitski authored
    This patch extends the current debug-specific rules to cover user
    builds. As a reminder, on user, the target process fork-execs a private
    heapprofd process, which then performs stack unwinding & talking to the
    central tracing daemon while staying in the target's domain. The central
    heapprofd daemon is only responsible for identifying targets & sending
    the activation signal. On the other hand, on debug, the central
    heapprofd can handle all processes directly, so the necessary SELinux
    capabilities depend on the build type.
    
    These rules are necessary but not sufficient for profiling. For zygote
    children, the libc triggering logic will also check for the app to
    either be debuggable, or go/profileable.
    
    For more context, see go/heapprofd-security & go/heapprofd-design.
    
    Note that I've had to split this into two separate macros, as
    exec_no_trans - which is necessary on user, but nice-to-have on debug -
    conflicts with a lot of neverallows (e.g. HALs and system_server) for
    the wider whitelisting that we do on debug builds.
    
    Test: built & flashed on {blueline-userdebug, blueline-user}, activated profiling of whitelisted/not domains & checked for lack of denials in logcat.
    Bug: 120409382
    Change-Id: Id0defc3105b99f777bcee2046d9894a2b39c6a29
    ca0690e8