From 0f3decf2f599fdcb76ad0f9059198fcd0f6c19b4 Mon Sep 17 00:00:00 2001 From: Florian Mayer <fmayer@google.com> Date: Thu, 8 Nov 2018 13:58:13 +0000 Subject: [PATCH] Property to enable heap profile from process startup. This is world-readable so it can be checked in libc's process init. Test: m Test: flash sailfish Bug: 117821125 Change-Id: Iac7317ceb75b5ad9cfb9adabdf16929263fa8a9d --- private/compat/28.0/28.0.ignore.cil | 1 + private/domain.te | 6 ++++++ private/heapprofd.te | 2 ++ private/property_contexts | 3 +++ public/property.te | 2 ++ 5 files changed, 14 insertions(+) diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil index 9f4f8004b..cfc2c1a2f 100644 --- a/private/compat/28.0/28.0.ignore.cil +++ b/private/compat/28.0/28.0.ignore.cil @@ -37,6 +37,7 @@ hal_system_suspend_default_tmpfs heapprofd heapprofd_exec + heapprofd_prop heapprofd_socket idmap_service intelligence_service diff --git a/private/domain.te b/private/domain.te index 850635b64..6a71a140b 100644 --- a/private/domain.te +++ b/private/domain.te @@ -5,6 +5,12 @@ domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump); allow domain crash_dump:process sigchld; +# Allow every process to check the heapprofd.enable properties to determine +# whether to load the heap profiling library. This does not necessarily enable +# heap profiling, as initialization will fail if it does not have the +# necessary SELinux permissions. +get_prop(domain, heapprofd_prop); + # Limit ability to ptrace or read sensitive /proc/pid files of processes # with other UIDs to these whitelisted domains. neverallow { diff --git a/private/heapprofd.te b/private/heapprofd.te index 79249b360..30ad7f12d 100644 --- a/private/heapprofd.te +++ b/private/heapprofd.te @@ -3,6 +3,8 @@ type heapprofd_exec, exec_type, file_type, system_file_type; init_daemon_domain(heapprofd) +set_prop(heapprofd, heapprofd_prop); + userdebug_or_eng(` # Allow to send signal to processes. # This excludes SIGKILL, SIGSTOP and SIGCHLD, diff --git a/private/property_contexts b/private/property_contexts index 0fc3de670..adede99b5 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -143,6 +143,9 @@ wlan. u:object_r:wifi_prop:s0 lowpan. u:object_r:lowpan_prop:s0 ro.lowpan. u:object_r:lowpan_prop:s0 +# heapprofd properties +heapprofd. u:object_r:heapprofd_prop:s0 + # hwservicemanager properties hwservicemanager. u:object_r:hwservicemanager_prop:s0 diff --git a/public/property.te b/public/property.te index 0704b9a00..fcbf36556 100644 --- a/public/property.te +++ b/public/property.te @@ -38,6 +38,7 @@ type exported_secure_prop, property_type; type ffs_prop, property_type, core_property_type; type fingerprint_prop, property_type, core_property_type; type firstboot_prop, property_type; +type heapprofd_prop, property_type; type hwservicemanager_prop, property_type; type last_boot_reason_prop, property_type; type system_lmk_prop, property_type; @@ -396,6 +397,7 @@ compatible_property_only(` -device_config_reset_performed_prop -device_config_boot_count_prop -device_config_flags_health_check_prop + -heapprofd_prop -hwservicemanager_prop -last_boot_reason_prop -system_lmk_prop -- GitLab