Allow perfetto traced_probes to poll /proc/{meminfo,stat,vmstat,...}

This allows the trace producer daemon to snapshot counters at high frequency in the trace. As usual for Perfetto, this data is NOT made available to arbitrary apps but only to an extremely limited subset of processes governed by selinux rules (currently shell and statsd). Bug: 115956288 Change-Id: I7e1bfda4b568b9bac9012b198ecbb998da4f773d

Allow perfetto traced_probes to poll /proc/{meminfo,stat,vmstat,...}
This allows the trace producer daemon to snapshot counters at high frequency in the trace. As usual for Perfetto, this data is NOT made available to arbitrary apps but only to an extremely limited subset of processes governed by selinux rules (currently shell and statsd). Bug: 115956288 Change-Id: I7e1bfda4b568b9bac9012b198ecbb998da4f773d
51dc7cb1 · Primiano Tucci · ca4217e2 · 51dc7cb1
Commit 51dc7cb1 authored 6 years ago by Primiano Tucci
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -57,6 +57,15 @@ domain_auto_trans(traced_probes, atrace_exec, atrace);
 # scontext=u:r:atrace:s0 tcontext=u:r:traced_probes:s0 tclass=fd
 allow atrace traced_probes:fd use;

+# Allow traced_probes to access /proc files for system stats.
+# Note: trace data is NOT exposed to anything other than shell and privileged
+# system apps that have access to the traced consumer socket.
+allow traced_probes {
+  proc_meminfo
+  proc_vmstat
+  proc_stat
+}:file r_file_perms;
+
 ###
 ### Neverallow rules
 ###