Introduce security.lower_kptr_restrict property
This is to allow the tracing service to temporarily lower kptr_restrict for the time it takes to build its internal symbolization map (~200ms), only on userdebug/eng builds. kptr_restrict unfortunately cannot be lowered by the tracing service itself. The main reason for that is the fact that the kernel enforces a CAP_SYS_ADMIN capability check at write() time, so the usual pattern of opening the file in init and passing the FD to the service won't work. For more details see the design doc go/perfetto-kallsyms. Bug: 136133013 Test: perfetto_integrationtests --gtest_filter=PerfettoTest.KernelAddressSymbolization in r.android.com/1454882 Change-Id: Ib2a8c69ed5348cc436223ff5e3eb8fd8df4ab860
This commit is contained in:
Primiano Tucci
parent
1ef094a890
commit
253289fe07
|
|
@ -1041,6 +1041,14 @@ on property:security.perf_harden=1
|
|||
write /proc/sys/kernel/perf_cpu_time_max_percent 25
|
||||
write /proc/sys/kernel/perf_event_mlock_kb 516
|
||||
|
||||
# This property can be set only on userdebug/eng. See neverallow rule in
|
||||
# /system/sepolicy/private/property.te .
|
||||
on property:security.lower_kptr_restrict=1
|
||||
write /proc/sys/kernel/kptr_restrict 0
|
||||
|
||||
on property:security.lower_kptr_restrict=0
|
||||
write /proc/sys/kernel/kptr_restrict 2
|
||||
|
||||
|
||||
# on shutdown
|
||||
# In device's init.rc, this trigger can be used to do device-specific actions
|
||||
|
|
|
|||
Loading…
Reference in New Issue