Add debug.atrace.tags.enableflags=0 to /default.prop.

This ensures that the property is always set by init
prior to starting any other process, which avoids the need
for the bionic systrace code to try to set the property
if it has not already been set to avoid the full cost of
searching for an undefined property each time.  See
change I30ed5b377c91ca4c36568a0e647ddf95d4e4a61a for
the relevant bionic code.

The problem with the current bionic code is that it can
trigger an attempt to set this property from any random
process, which will be denied unless the process is already
authorized to set debug properties.  This is visible in the
form of various SELinux avc: denied messages and
init sys_prop:  permission denied messages in dmesg output.
Allowing all domains to set such properties is undesirable.

Change-Id: I6d953c0c281fd72ad3eba8a479fd258023579b5b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
1 file changed
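To check on a device log that these denials were all caused by attempts to set this one property, the two kinds of dmesg messages named in the commit message can be tallied by source domain and uid. This is an added example, not part of the commit or of AOSP; the exact line formats, the domain names and the uids in the sample are constructed assumptions.

```python
import re
from collections import Counter

PROP = "debug.atrace.tags.enableflags"

# Assumed message layouts; adjust the patterns to the lines your kernel log shows.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*set\s*\}\s+for\s+property=(\S+)"
    r"\s+scontext=[^:\s]+:[^:\s]+:([^:\s]+)"
)
INIT_RE = re.compile(r"sys_prop:\s+permission denied\s+uid:(\d+)\s+name:(\S+)")

# Constructed sample lines (not captured from a real device).
SAMPLE_DMESG = [
    "[   14.201] avc:  denied  { set } for property=debug.atrace.tags.enableflags "
    "scontext=u:r:example_app:s0 tcontext=u:object_r:example_prop:s0 tclass=property_service",
    "[   14.202] init: sys_prop: permission denied uid:10051  name:debug.atrace.tags.enableflags",
    "[   15.010] avc:  denied  { set } for property=debug.atrace.tags.enableflags "
    "scontext=u:r:example_daemon:s0 tcontext=u:object_r:example_prop:s0 tclass=property_service",
    "[   15.011] init: sys_prop: permission denied uid:1013  name:debug.atrace.tags.enableflags",
    "[   15.900] avc:  denied  { set } for property=debug.atrace.tags.enableflags "
    "scontext=u:r:example_app:s0 tcontext=u:object_r:example_prop:s0 tclass=property_service",
    # Unrelated denials that must not be counted:
    "[   16.500] avc:  denied  { read } for name=\"foo\" scontext=u:r:example_app:s0 "
    "tcontext=u:object_r:example_file:s0 tclass=file",
    "[   17.000] init: sys_prop: permission denied uid:10051  name:persist.example.flag",
]


def summarize_denials(lines, prop=PROP):
    """Count denied attempts to set `prop`, by SELinux source domain and by uid."""
    domains, uids = Counter(), Counter()
    for line in lines:
        avc = AVC_RE.search(line)
        if avc and avc.group(1) == prop:
            domains[avc.group(2)] += 1
            continue
        init = INIT_RE.search(line)
        if init and init.group(2) == prop:
            uids[int(init.group(1))] += 1
    return domains, uids


if __name__ == "__main__":
    domains, uids = summarize_denials(SAMPLE_DMESG)
    for name, count in domains.most_common():
        print(f"avc denied set {PROP}: domain={name} count={count}")
    for uid, count in uids.most_common():
        print(f"init sys_prop denied {PROP}: uid={uid} count={count}")
```

Run against a log taken after the property is defined in /default.prop, both counters should be empty for this property.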