| # Android Heap Profiler Daemon go/heapprofd |
| type heapprofd_exec, exec_type, file_type, system_file_type; |
| |
| init_daemon_domain(heapprofd) |
| |
| set_prop(heapprofd, heapprofd_prop); |
| |
| userdebug_or_eng(` |
| # TODO(fmayer): We will also need this on user to read /proc/<pid>/cmdline |
| # and send signals. |
| typeattribute heapprofd mlstrustedsubject; |
| # Allow to send signal to processes. |
| # This excludes SIGKILL, SIGSTOP and SIGCHLD, |
| # which are controlled by separate permissions. |
| allow heapprofd self:capability kill; |
| |
| # Executables and libraries. |
| # These are needed to read the ELF binary data needed for unwinding. |
| r_dir_file(heapprofd, system_file_type) |
| r_dir_file(heapprofd, apk_data_file) |
| r_dir_file(heapprofd, dalvikcache_data_file) |
| r_dir_file(heapprofd, vendor_file_type) |
| ') |
| |
| # Write trace data to the Perfetto traced damon. This requires connecting to its |
| # producer socket and obtaining a (per-process) tmpfs fd. |
| allow heapprofd traced:fd use; |
| allow heapprofd traced_tmpfs:file { read write getattr map }; |
| unix_socket_connect(heapprofd, traced_producer, traced) |
| |
| never_profile_heap(`{ |
| bpfloader |
| init |
| kernel |
| keystore |
| llkd |
| logd |
| ueventd |
| vendor_init |
| vold |
| }') |
| |
| full_treble_only(` |
| neverallow heapprofd vendor_file:file { no_w_file_perms no_x_file_perms }; |
| ') |
