| /* |
| * Copyright (C) 2015 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #if defined(__ANDROID__) |
| #include <android-base/properties.h> |
| #endif |
| |
| #include "command.h" |
| #include "environment.h" |
| #include "utils.h" |
| |
| using namespace simpleperf; |
| |
| #if defined(__ANDROID__) |
| |
| bool AndroidSecurityCheck() { |
| if (IsRoot()) { |
| return true; |
| } |
| // Simpleperf can be executed by the shell, or by apps themselves. To avoid malicious apps |
| // exploiting perf_event_open interface via simpleperf, simpleperf needs proof that the user |
| // is expecting simpleperf to be ran: |
| // 1) On Android < 11, perf_event_open is secured by perf_event_allow_path, which is controlled |
| // by security.perf_harden property. perf_event_open syscall can be used only after user setting |
| // security.perf_harden to 0 in shell. So we don't need to check security.perf_harden explicitly. |
| // 2) On Android >= 11, perf_event_open may be controlled by selinux instead of |
| // perf_event_allow_path. So we need to check security.perf_harden explicitly. If simpleperf is |
| // running via shell, we already know the origin of the request is the user, so set the property |
| // ourselves for convenience. When started by the app, we won't have the permission to set the |
| // property, so the user will need to prove this intent by setting it manually via shell. |
| // 3) On Android >= 13, besides perf_harden property, we use persist properties to allow an app |
| // profiling itself even after device reboot. User needs to set the uid of the app which wants to |
| // profile itself. And the permission has an expiration time. |
| int android_version = GetAndroidVersion(); |
| if (android_version >= 13) { |
| if (IsInAppUid() && android::base::GetUintProperty("persist.simpleperf.profile_app_uid", 0u, |
| UINT_MAX) == getuid()) { |
| if (android::base::GetUintProperty<uint64_t>("persist.simpleperf.profile_app_expiration_time", |
| 0, UINT64_MAX) > time(nullptr)) { |
| return true; |
| } |
| } |
| } |
| if (android_version >= 11) { |
| std::string prop_name = "security.perf_harden"; |
| if (android::base::GetProperty(prop_name, "") != "0") { |
| if (!android::base::SetProperty(prop_name, "0")) { |
| fprintf(stderr, |
| "failed to set system property security.perf_harden to 0.\n" |
| "Try using `adb shell setprop security.perf_harden 0` to allow profiling.\n"); |
| return false; |
| } |
| } |
| } |
| return true; |
| } |
| |
| #endif |
| |
| int main(int argc, char** argv) { |
| #if defined(__ANDROID__) |
| if (!AndroidSecurityCheck()) { |
| return 1; |
| } |
| #endif |
| RegisterAllCommands(); |
| return RunSimpleperfCmd(argc, argv) ? 0 : 1; |
| } |
