From 3fa4ac55aa321ea6dfde88384a4bfe8a56acc874 Mon Sep 17 00:00:00 2001
From: Hector Dearman <hjd@google.com>
Date: Fri, 16 Nov 2018 15:52:55 +0000
Subject: [PATCH] Allow adb root to send config to perfetto

The perfetto binary (the frontend to traced) reads an input config
from stdin. This CL adds allows perfetto to read the config
from adb shell when the user is rooted

Sample denials:
avc: denied { read } for comm="perfetto" path="pipe:[92340]"
dev="pipefs" ino=92340 scontext=u:r:perfetto:s0 tcontext=u:r:su:s0
tclass=fifo_file permissive=0
avc: denied { read } for comm="perfetto" path="pipe:[92491]"
dev="pipefs" ino=92491 scontext=u:r:perfetto:s0 tcontext=u:r:su:s0
tclass=fifo_file permissive=0

Test: adb root
adb shell
echo 'duration_ms: 1000;' > /sdcard/config
cat /sdcard/config | perfetto --txt -c - -d

Change-Id: I12042dfa9a2c262cec907f0231ce2184f46d1be8
---
 private/perfetto.te | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/private/perfetto.te b/private/perfetto.te
index c068dc517..4d8720a2d 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -20,12 +20,11 @@ binder_use(perfetto)
 binder_call(perfetto, system_server)
 allow perfetto dropbox_service:service_manager find;
 
-# Allow statsd and shell to pipe the trace config to perfetto on stdin and to
-# print out on stdout/stderr.
-allow perfetto statsd:fd use;
-allow perfetto statsd:fifo_file { getattr read write };
-allow perfetto shell:fd use;
-allow perfetto shell:fifo_file { getattr read write };
+# Allow perfetto to read the trace config from statsd and shell
+# (both root and non-root) on stdin and also to write the resulting trace to
+# stdout.
+allow perfetto { statsd shell su }:fd use;
+allow perfetto { statsd shell su }:fifo_file { getattr read write };
 
 # Allow to communicate use, read and write over the adb connection.
 allow perfetto adbd:fd use;
-- 
GitLab