# Android heap profiling daemon. go/heapprofd.
#
# Declares the heapprofd domain, the type of its executable and the type of
# the tmpfs-backed files it creates, then grants the access the daemon needs
# to find target processes, receive their samples and unwind their stacks.
# Everything granted here is read-only on files; the neverallow rules at the
# bottom assert the limits that must hold for all builds.
type heapprofd_exec, exec_type, file_type, system_file_type;
type heapprofd_tmpfs, file_type;

# Standard daemon setup: init transitions into the heapprofd domain when it
# execs heapprofd_exec, and the daemon's tmpfs files are labelled
# heapprofd_tmpfs (both types declared above).
init_daemon_domain(heapprofd)
tmpfs_domain(heapprofd)

# Allow apps in other MLS contexts (for multi-user) to access
# shared memory buffers created by heapprofd.
# mlstrustedobject only exempts these objects from the MLS constraints; type
# enforcement still decides which domains may open or map them.
typeattribute heapprofd_tmpfs mlstrustedobject;

set_prop(heapprofd, heapprofd_prop);

# Necessary for /proc/[pid]/cmdline access & sending signals.
# mlstrustedsubject exempts heapprofd from the MLS constraints when it acts
# on processes at other levels (e.g. other users' apps); the type enforcement
# rules below still bound what it can reach.
typeattribute heapprofd mlstrustedsubject;

# Allow sending signals to processes. This excludes SIGKILL, SIGSTOP and
# SIGCHLD, which are controlled by separate permissions.
# CAP_KILL lifts the DAC same-uid requirement for signalling other processes.
# Which signals heapprofd may actually deliver to a given target domain is
# governed by process-class permissions (signal vs. sigkill/sigstop/sigchld)
# granted, if at all, outside this file -- not by this capability.
allow heapprofd self:capability kill;

# When scanning /proc/[pid]/cmdline to find matching processes for by-name
# profiling, only allowlisted domains will be allowed by SELinux. Avoid
# spamming logs with denials for entries that we can not access.
# dontaudit suppresses only the audit message; the access is still denied.
# Because it also hides genuine misconfigurations, debug profiling failures
# on a build with dontaudit rules disabled.
dontaudit heapprofd domain:dir { search open };

# Write trace data to the Perfetto traced daemon. This requires connecting to
# its producer socket and obtaining a (per-process) tmpfs fd.
perfetto_producer(heapprofd)

# When handling profiling for all processes, heapprofd needs to read
# executables/libraries/etc to do stack unwinding.
# These are read-only grants; none of them allow write or execute, and the
# full_treble_only neverallow at the bottom asserts that for vendor files.
r_dir_file(heapprofd, nativetest_data_file)
r_dir_file(heapprofd, system_file_type)
r_dir_file(heapprofd, apk_data_file)
r_dir_file(heapprofd, dalvikcache_data_file)
r_dir_file(heapprofd, vendor_file_type)
r_dir_file(heapprofd, shell_test_data_file)
# ART apex files and directory access to the containing /data/misc/apexdata.
r_dir_file(heapprofd, apex_art_data_file)
# Only traverse and stat the parent directory; its other contents stay
# unreadable to heapprofd.
allow heapprofd apex_module_data_file:dir { getattr search };

# Some dex files are not world-readable.
# We are still constrained by the SELinux rules above.
# CAP_DAC_READ_SEARCH bypasses DAC mode bits for read and search only (no
# write, no execute). It does not widen the set of types heapprofd may read,
# but it does make every type granted above readable regardless of file
# owner, so keep that list tight.
allow heapprofd self:global_capability_class_set dac_read_search;

# For checking profileability.
allow heapprofd packages_list_file:file r_file_perms;

# Never allow profiling privileged or otherwise incompatible domains.
# Corresponding allow-rule is in private/domain.te.
# never_profile_heap is a macro defined elsewhere in the policy; it is
# expected to expand to neverallow rules (confirm against its definition), so
# granting profiling access to a listed domain fails at policy build time
# rather than being caught at runtime.
never_profile_heap(`{
  apexd
  app_zygote
  bpfloader
  hal_configstore_server
  init
  kernel
  keystore
  llkd
  logd
  logpersist
  recovery
  recovery_persist
  recovery_refresh
  ueventd
  vendor_init
  vold
  webview_zygote
  zygote
}')

# Read access to vendor files is granted above for stack unwinding; this
# build-time assertion guarantees it is never widened to write or execute.
full_treble_only(`
  neverallow heapprofd vendor_file:file { no_w_file_perms no_x_file_perms };
')