From 0f3decf2f599fdcb76ad0f9059198fcd0f6c19b4 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer@google.com>
Date: Thu, 8 Nov 2018 13:58:13 +0000
Subject: [PATCH] Property to enable heap profile from process startup.

This is world-readable so it can be checked in libc's process init.

Test: m
Test: flash sailfish

Bug: 117821125

Change-Id: Iac7317ceb75b5ad9cfb9adabdf16929263fa8a9d
---
 private/compat/28.0/28.0.ignore.cil | 1 +
 private/domain.te                   | 6 ++++++
 private/heapprofd.te                | 2 ++
 private/property_contexts           | 3 +++
 public/property.te                  | 2 ++
 5 files changed, 14 insertions(+)

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 9f4f8004b..cfc2c1a2f 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -37,6 +37,7 @@
     hal_system_suspend_default_tmpfs
     heapprofd
     heapprofd_exec
+    heapprofd_prop
     heapprofd_socket
     idmap_service
     intelligence_service
diff --git a/private/domain.te b/private/domain.te
index 850635b64..6a71a140b 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -5,6 +5,12 @@
 domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
 allow domain crash_dump:process sigchld;
 
+# Allow every process to check the heapprofd.enable properties to determine
+# whether to load the heap profiling library. This does not necessarily enable
+# heap profiling, as initialization will fail if it does not have the
+# necessary SELinux permissions.
+get_prop(domain, heapprofd_prop);
+
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
 # with other UIDs to these whitelisted domains.
 neverallow {
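Review bot: The `get_prop(domain, heapprofd_prop)` grant makes every property carrying this label readable by all domains, and the private/property_contexts hunk in this patch labels the whole `heapprofd.` prefix rather than only the enable keys the comment names. Any property later added under that prefix would be readable by every domain without a further policy change. I would either label only the key(s) libc actually checks in property_contexts, or extend the comment with a line such as `# Everything under heapprofd. is readable by all domains; do not store sensitive values there.` The neverallow block that follows continues outside the hunk.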
diff --git a/private/heapprofd.te b/private/heapprofd.te
index 79249b360..30ad7f12d 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -3,6 +3,8 @@ type heapprofd_exec, exec_type, file_type, system_file_type;
 
 init_daemon_domain(heapprofd)
 
+set_prop(heapprofd, heapprofd_prop);
+
 userdebug_or_eng(`
   # Allow to send signal to processes.
   # This excludes SIGKILL, SIGSTOP and SIGCHLD,
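Review bot: `set_prop(heapprofd, heapprofd_prop)` is added outside the `userdebug_or_eng` block that follows, so the write permission also applies on user builds, while the signal permissions visible below are limited to debuggable builds. Every domain reads this property at process start to decide whether to load the profiling library, so the line should carry a comment saying why the setter is unconditional. If that is the intent, something like `# heapprofd sets heapprofd.* to request profiling from process startup; the read side is granted in domain.te.` would do. If user builds are not meant to toggle it, the line belongs inside the `userdebug_or_eng` block instead. That block continues outside the hunk, so its remaining rules are not visible here.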
diff --git a/private/property_contexts b/private/property_contexts
index 0fc3de670..adede99b5 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -143,6 +143,9 @@ wlan.                   u:object_r:wifi_prop:s0
 lowpan.                 u:object_r:lowpan_prop:s0
 ro.lowpan.              u:object_r:lowpan_prop:s0
 
+# heapprofd properties
+heapprofd.              u:object_r:heapprofd_prop:s0
+
 # hwservicemanager properties
 hwservicemanager.       u:object_r:hwservicemanager_prop:s0
 
diff --git a/public/property.te b/public/property.te
index 0704b9a00..fcbf36556 100644
--- a/public/property.te
+++ b/public/property.te
@@ -38,6 +38,7 @@ type exported_secure_prop, property_type;
 type ffs_prop, property_type, core_property_type;
 type fingerprint_prop, property_type, core_property_type;
 type firstboot_prop, property_type;
+type heapprofd_prop, property_type;
 type hwservicemanager_prop, property_type;
 type last_boot_reason_prop, property_type;
 type system_lmk_prop, property_type;
@@ -396,6 +397,7 @@ compatible_property_only(`
     -device_config_reset_performed_prop
     -device_config_boot_count_prop
     -device_config_flags_health_check_prop
+    -heapprofd_prop
     -hwservicemanager_prop
     -last_boot_reason_prop
     -system_lmk_prop
-- 
GitLab