| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-03-20 23:30:20 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-03-20 23:30:20 +0000 |
| commit | 6d611039ab791a4b78ec35f7d495b1cf0a50b589 (patch) | |
| tree | e8b981e61bb5bfd0d00ddb7c3a11778256811749 | |
| parent | a19d8629cdbe317fac28bdd0478448b892eaeccf (diff) | |
| parent | 37883b47f813bd12e3024859e12a4bd3b9c947cb (diff) | |
Snap for 9779625 from 37883b47f813bd12e3024859e12a4bd3b9c947cb to tm-qpr3-release
Change-Id: I04b4e98a23baf66c2277b9a2e5f6e5f64b56cacf
| -rw-r--r-- | prebuilts/api/33.0/private/app.te | 3 | ||||
| -rw-r--r-- | prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil | 1 | ||||
| -rw-r--r-- | prebuilts/api/33.0/private/platform_app.te | 4 | ||||
| -rw-r--r-- | prebuilts/api/33.0/private/property_contexts | 3 | ||||
| -rw-r--r-- | prebuilts/api/33.0/private/system_app.te | 4 | ||||
| -rw-r--r-- | prebuilts/api/33.0/private/system_server.te | 12 | ||||
| -rw-r--r-- | prebuilts/api/33.0/private/traced.te | 5 | ||||
| -rw-r--r-- | prebuilts/api/33.0/public/property.te | 1 | ||||
| -rw-r--r-- | private/app.te | 3 | ||||
| -rw-r--r-- | private/compat/32.0/32.0.ignore.cil | 1 | ||||
| -rw-r--r-- | private/platform_app.te | 4 | ||||
| -rw-r--r-- | private/property_contexts | 3 | ||||
| -rw-r--r-- | private/system_app.te | 4 | ||||
| -rw-r--r-- | private/system_server.te | 12 | ||||
| -rw-r--r-- | private/traced.te | 5 | ||||
| -rw-r--r-- | public/property.te | 1 |
16 files changed, 64 insertions, 2 deletions
diff --git a/prebuilts/api/33.0/private/app.te b/prebuilts/api/33.0/private/app.te index 86180b075..9a2e02a94 100644 --- a/prebuilts/api/33.0/private/app.te +++ b/prebuilts/api/33.0/private/app.te @@ -54,6 +54,9 @@ get_prop(appdomain, device_config_runtime_native_boot_prop) userdebug_or_eng(`perfetto_producer({ appdomain })') +# Allow the heap dump ART plugin to the count of sessions waiting for OOME +get_prop(appdomain, traced_oome_heap_session_count_prop) + # Prevent apps from causing presubmit failures. # Apps can cause selinux denials by accessing CE storage # and/or external storage. In either case, the selinux denial is diff --git a/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil b/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil index 076d642e2..7c3058ebc 100644 --- a/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil +++ b/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil @@ -75,6 +75,7 @@ sysfs_lru_gen_enabled system_dlkm_file tare_service + traced_oome_heap_session_count_prop tv_iapp_service untrusted_app_30 vendor_uuid_mapping_config_file diff --git a/prebuilts/api/33.0/private/platform_app.te b/prebuilts/api/33.0/private/platform_app.te index b40f6b9ea..91149f48c 100644 --- a/prebuilts/api/33.0/private/platform_app.te +++ b/prebuilts/api/33.0/private/platform_app.te @@ -119,6 +119,10 @@ dontaudit platform_app debugfs_tracing:file rw_file_perms; # Allow platform apps to act as Perfetto producers. perfetto_producer(platform_app) +# Allow performance profiling if the app opts in. +can_profile_heap(platform_app) +can_profile_perf(platform_app) + # Allow platform apps to create VMs virtualizationservice_use(platform_app) diff --git a/prebuilts/api/33.0/private/property_contexts b/prebuilts/api/33.0/private/property_contexts index ac288f032..f3bae55b2 100644 --- a/prebuilts/api/33.0/private/property_contexts +++ b/prebuilts/api/33.0/private/property_contexts 
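Review bot: The comment added in the `@@ -54,6 +54,9 @@` hunk of app.te is missing its verb, and it does not say that the grant covers every domain in `appdomain` on all build types, unlike the `userdebug_or_eng`-wrapped `perfetto_producer` line just above it. I would write `# Allow the heap dump ART plugin to read the count of sessions waiting for OOME.` followed by `# Readable by all apps, including on user builds; the value is only a session count.` so a later reader can see the exposure is deliberate. The same comment text appears in the system_server.te `@@ -823,6 +830,9 @@` hunk and in the mirrored private/app.te and private/system_server.te hunks.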
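Review bot: The comment `# Allow performance profiling if the app opts in.` in the platform_app.te hunk states a condition that the two rules under it do not express, since `can_profile_heap(platform_app)` and `can_profile_perf(platform_app)` are granted to the whole domain. The opt-in is presumably enforced outside this policy file, and the macro definitions are not part of this diff, so the comment should name where the check lives, for example `# Policy-level grant only; the per-app opt-in is checked by <component>, not by SELinux.` with the placeholder filled in. The system_app.te hunk (`# Allow performance profiling by the platform itself.`) and the mirrored private/platform_app.te and private/system_app.te hunks have the same gap.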
@@ -218,6 +218,9 @@ ro.lowpan. u:object_r:lowpan_prop:s0 # heapprofd properties heapprofd. u:object_r:heapprofd_prop:s0 +# traced properties +traced.oome_heap_session.count u:object_r:traced_oome_heap_session_count_prop:s0 exact uint + # hwservicemanager properties hwservicemanager. u:object_r:hwservicemanager_prop:s0 diff --git a/prebuilts/api/33.0/private/system_app.te b/prebuilts/api/33.0/private/system_app.te index 76e5f7dac..d82cff793 100644 --- a/prebuilts/api/33.0/private/system_app.te +++ b/prebuilts/api/33.0/private/system_app.te @@ -177,6 +177,10 @@ get_prop(system_app, oem_unlock_prop) # Allow system apps to act as Perfetto producers. perfetto_producer(system_app) +# Allow performance profiling by the platform itself. +can_profile_heap(system_app) +can_profile_perf(system_app) + ### ### Neverallow rules ### diff --git a/prebuilts/api/33.0/private/system_server.te b/prebuilts/api/33.0/private/system_server.te index 8383a3d60..5e826bf9f 100644 --- a/prebuilts/api/33.0/private/system_server.te +++ b/prebuilts/api/33.0/private/system_server.te @@ -418,7 +418,14 @@ allow system_server mediaserver:udp_socket rw_socket_perms; allow system_server mediadrmserver:tcp_socket rw_socket_perms; allow system_server mediadrmserver:udp_socket rw_socket_perms; -userdebug_or_eng(`perfetto_producer({ system_server })') +# Allow writing performance tracing data to the Perfetto traced daemon. This +# requires connecting to its producer socket and obtaining a (per-process) +# tmpfs fd. +perfetto_producer(system_server) + +# Allow performance profiling by the platform itself. +can_profile_heap(system_server) +can_profile_perf(system_server) # Get file context allow system_server file_contexts_file:file r_file_perms; 
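Review bot: In the `@@ -418,7 +418,14 @@` hunk of system_server.te, `perfetto_producer(system_server)`, `can_profile_heap(system_server)` and `can_profile_perf(system_server)` sit outside any `userdebug_or_eng` wrapper, so they take effect on user builds, and the new comments do not say what limits who may start a session against system_server. Heap and perf profiles of system_server can carry data belonging to every app it serves, so I would add a line such as `# Applies on user builds; session authorization is enforced by <component>, not by this rule.` (placeholder to be filled in) and reference the neverallow rule or test that keeps untrusted domains away from the collected data, if one exists. The expansions of the three macros are outside this diff, so the exact permissions granted cannot be checked from here. The mirrored private/system_server.te hunk needs the same comment.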
@@ -823,6 +830,9 @@ get_prop(system_server, hypervisor_prop) # Read persist.wm.debug. properties get_prop(system_server, persist_wm_debug_prop) +# Allow the heap dump ART plugin to the count of sessions waiting for OOME +get_prop(system_server, traced_oome_heap_session_count_prop) + # Create a socket for connections from debuggerd. allow system_server system_ndebug_socket:sock_file create_file_perms; diff --git a/prebuilts/api/33.0/private/traced.te b/prebuilts/api/33.0/private/traced.te index a6e200e62..0a4afed6a 100644 --- a/prebuilts/api/33.0/private/traced.te +++ b/prebuilts/api/33.0/private/traced.te @@ -68,6 +68,11 @@ allow traced { set_prop(traced, system_trace_prop) # Allow to lazily start producers. set_prop(traced, traced_lazy_prop) +# Allow tracking the count of sessions intercepting Java OutOfMemoryError +# If there are such tracing sessions and an OutOfMemoryError is thrown by ART, +# the hprof plugin intercepts the error, lazily registers a data source to +# traced and collects a heap dump. +set_prop(traced, traced_oome_heap_session_count_prop) # Allow traced to talk to statsd for logging metrics. unix_socket_send(traced, statsdw, statsd) diff --git a/prebuilts/api/33.0/public/property.te b/prebuilts/api/33.0/public/property.te index deb166b07..9db9b9457 100644 --- a/prebuilts/api/33.0/public/property.te +++ b/prebuilts/api/33.0/public/property.te @@ -91,6 +91,7 @@ system_restricted_prop(sqlite_log_prop) system_restricted_prop(surfaceflinger_display_prop) system_restricted_prop(system_boot_reason_prop) system_restricted_prop(system_jvmti_agent_prop) +system_restricted_prop(traced_oome_heap_session_count_prop) system_restricted_prop(ab_update_gki_prop) system_restricted_prop(usb_prop) system_restricted_prop(userspace_reboot_exported_prop) diff --git a/private/app.te b/private/app.te index 86180b075..9a2e02a94 100644 --- a/private/app.te +++ b/private/app.te 
@@ -54,6 +54,9 @@ get_prop(appdomain, device_config_runtime_native_boot_prop) userdebug_or_eng(`perfetto_producer({ appdomain })') +# Allow the heap dump ART plugin to the count of sessions waiting for OOME +get_prop(appdomain, traced_oome_heap_session_count_prop) + # Prevent apps from causing presubmit failures. # Apps can cause selinux denials by accessing CE storage # and/or external storage. In either case, the selinux denial is diff --git a/private/compat/32.0/32.0.ignore.cil b/private/compat/32.0/32.0.ignore.cil index 076d642e2..7c3058ebc 100644 --- a/private/compat/32.0/32.0.ignore.cil +++ b/private/compat/32.0/32.0.ignore.cil @@ -75,6 +75,7 @@ sysfs_lru_gen_enabled system_dlkm_file tare_service + traced_oome_heap_session_count_prop tv_iapp_service untrusted_app_30 vendor_uuid_mapping_config_file diff --git a/private/platform_app.te b/private/platform_app.te index b40f6b9ea..91149f48c 100644 --- a/private/platform_app.te +++ b/private/platform_app.te @@ -119,6 +119,10 @@ dontaudit platform_app debugfs_tracing:file rw_file_perms; # Allow platform apps to act as Perfetto producers. perfetto_producer(platform_app) +# Allow performance profiling if the app opts in. +can_profile_heap(platform_app) +can_profile_perf(platform_app) + # Allow platform apps to create VMs virtualizationservice_use(platform_app) diff --git a/private/property_contexts b/private/property_contexts index ac288f032..f3bae55b2 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -218,6 +218,9 @@ ro.lowpan. u:object_r:lowpan_prop:s0 # heapprofd properties heapprofd. u:object_r:heapprofd_prop:s0 +# traced properties +traced.oome_heap_session.count u:object_r:traced_oome_heap_session_count_prop:s0 exact uint + # hwservicemanager properties hwservicemanager. u:object_r:hwservicemanager_prop:s0 diff --git a/private/system_app.te b/private/system_app.te index 76e5f7dac..d82cff793 100644 --- a/private/system_app.te +++ b/private/system_app.te 
@@ -177,6 +177,10 @@ get_prop(system_app, oem_unlock_prop) # Allow system apps to act as Perfetto producers. perfetto_producer(system_app) +# Allow performance profiling by the platform itself. +can_profile_heap(system_app) +can_profile_perf(system_app) + ### ### Neverallow rules ### diff --git a/private/system_server.te b/private/system_server.te index 8383a3d60..5e826bf9f 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -418,7 +418,14 @@ allow system_server mediaserver:udp_socket rw_socket_perms; allow system_server mediadrmserver:tcp_socket rw_socket_perms; allow system_server mediadrmserver:udp_socket rw_socket_perms; -userdebug_or_eng(`perfetto_producer({ system_server })') +# Allow writing performance tracing data to the Perfetto traced daemon. This +# requires connecting to its producer socket and obtaining a (per-process) +# tmpfs fd. +perfetto_producer(system_server) + +# Allow performance profiling by the platform itself. +can_profile_heap(system_server) +can_profile_perf(system_server) # Get file context allow system_server file_contexts_file:file r_file_perms; @@ -823,6 +830,9 @@ get_prop(system_server, hypervisor_prop) # Read persist.wm.debug. properties get_prop(system_server, persist_wm_debug_prop) +# Allow the heap dump ART plugin to the count of sessions waiting for OOME +get_prop(system_server, traced_oome_heap_session_count_prop) + # Create a socket for connections from debuggerd. allow system_server system_ndebug_socket:sock_file create_file_perms; diff --git a/private/traced.te b/private/traced.te index a6e200e62..0a4afed6a 100644 --- a/private/traced.te +++ b/private/traced.te 
@@ -68,6 +68,11 @@ allow traced { set_prop(traced, system_trace_prop) # Allow to lazily start producers. set_prop(traced, traced_lazy_prop) +# Allow tracking the count of sessions intercepting Java OutOfMemoryError +# If there are such tracing sessions and an OutOfMemoryError is thrown by ART, +# the hprof plugin intercepts the error, lazily registers a data source to +# traced and collects a heap dump. +set_prop(traced, traced_oome_heap_session_count_prop) # Allow traced to talk to statsd for logging metrics. unix_socket_send(traced, statsdw, statsd) diff --git a/public/property.te b/public/property.te index deb166b07..9db9b9457 100644 --- a/public/property.te +++ b/public/property.te @@ -91,6 +91,7 @@ system_restricted_prop(sqlite_log_prop) system_restricted_prop(surfaceflinger_display_prop) system_restricted_prop(system_boot_reason_prop) system_restricted_prop(system_jvmti_agent_prop) +system_restricted_prop(traced_oome_heap_session_count_prop) system_restricted_prop(ab_update_gki_prop) system_restricted_prop(usb_prop) system_restricted_prop(userspace_reboot_exported_prop) |
