Commit aeca04b9 authored by Florian Mayer

Allow to signal perfetto from shell.

When daemonizing perfetto, SIGINT should be sent to ensure clean
shutdown.

Denial:
12-06 11:12:16.566  3099  3099 I sh      : type=1400 audit(0.0:462): avc: denied { signal } for scontext=u:r:shell:s0 tcontext=u:r:perfetto:s0 tclass=process permissive=1

Test: m
Test: flash walleye
Test: SIGINT perfetto from shell

Change-Id: I8d34b447ea90c315faf88f020f1dfc49e4abbcce
parent ecccfc84
...@@ -3,7 +3,6 @@ ...@@ -3,7 +3,6 @@
# This command line client accesses the privileged socket of the traced # This command line client accesses the privileged socket of the traced
# daemon. # daemon.
type perfetto, domain, coredomain;
type perfetto_exec, system_file_type, exec_type, file_type; type perfetto_exec, system_file_type, exec_type, file_type;
tmpfs_domain(perfetto); tmpfs_domain(perfetto);
......
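Review bot: The removal of `type perfetto, domain, coredomain;` from this file is not explained in the commit message, which only talks about signalling. The same declaration shows up on its own at the end of the diff, so this looks like a move of the type to another policy file so that the changed neverallow can name it. Please say so in the commit message, since moving a type declaration changes which parts of the policy can reference it.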
...@@ -44,6 +44,8 @@ domain_auto_trans(shell, vendor_shell_exec, vendor_shell) ...@@ -44,6 +44,8 @@ domain_auto_trans(shell, vendor_shell_exec, vendor_shell)
# transition into its own domain, so that it behaves consistently to # transition into its own domain, so that it behaves consistently to
# when exec()-d by statsd. # when exec()-d by statsd.
domain_auto_trans(shell, perfetto_exec, perfetto) domain_auto_trans(shell, perfetto_exec, perfetto)
# Allow to send SIGINT to perfetto when daemonized.
allow shell perfetto:process signal;
# Allow shell to run adb shell cmd stats commands. Needed for CTS. # Allow shell to run adb shell cmd stats commands. Needed for CTS.
binder_call(shell, statsd); binder_call(shell, statsd);
......
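Review bot: The comment on the new `allow shell perfetto:process signal;` says SIGINT, but the SELinux `signal` permission is not per-signal: it covers every signal except the ones that have their own permissions (sigkill, sigstop, sigchld, signull), so shell can also send SIGTERM, SIGUSR1 and so on. The context lines above note that perfetto runs in the same domain when exec()-d by statsd, so this rule also lets shell interrupt those instances, not only the ones it daemonized itself. Suggest rewording the comment to state the real scope, for example `# Allow shell to send signals (other than SIGKILL/SIGSTOP) to perfetto, e.g. SIGINT when daemonized.`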
...@@ -432,7 +432,9 @@ neverallow { appdomain -shell } { domain -appdomain }:file no_rw_file_perms; ...@@ -432,7 +432,9 @@ neverallow { appdomain -shell } { domain -appdomain }:file no_rw_file_perms;
# sigchld allowed for parent death notification. # sigchld allowed for parent death notification.
# signull allowed for kill(pid, 0) existence test. # signull allowed for kill(pid, 0) existence test.
# All others prohibited. # All others prohibited.
neverallow appdomain { domain -appdomain }:process # -perfetto is to allow shell (which is an appdomain) to kill perfetto
# (see private/shell.te).
neverallow appdomain { domain -appdomain -perfetto }:process
{ sigkill sigstop signal }; { sigkill sigstop signal };
# Write to rootfs. # Write to rootfs.
......
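Review bot: Subtracting `-perfetto` from the target set in `neverallow appdomain { domain -appdomain -perfetto }:process` is broader than the one allow rule needs: it lifts the assertion for every appdomain, not just shell, and for `sigkill` and `sigstop` as well as `signal`. Suggest keeping the assertion for everything else by adding `neverallow { appdomain -shell } perfetto:process { sigkill sigstop signal };` and `neverallow shell perfetto:process { sigkill sigstop };` next to it. The new comment also says "kill perfetto" while the allow in private/shell.te grants `signal` only, so "signal perfetto" would be more accurate.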
type perfetto, domain, coredomain;