commit 650f8d099514036b6f25f203248e01d89f585630
author Primiano Tucci <primiano@google.com> Fri Jan 14 20:32:15 2022 +0000
committer Primiano Tucci <primiano@google.com> Fri Jan 14 23:47:48 2022 +0000
tree c62f776dd4f98eb30d826a4b70ec8a2687c58417
parent 13d4feda1cb63a8a720b2e7dca4b27de01faeb17

Add traced_probes and traced_perf to readtracefd group [SV2 cherrypick]

After the kernel changes [1,2,3] and the matching userspace
CLs [4], any process that needs to access ftrace needs to be
part of the readtracefs capability group introduced by aosp/1912638.

[1] https://lore.kernel.org/all/20211115165350.976783364@linuxfoundation.org/
[2] https://lore.kernel.org/all/20211213092927.298812141@linuxfoundation.org/
[3] https://lore.kernel.org/all/20211213092927.108231338@linuxfoundation.org/
[4] https://android-review.googlesource.com/q/topic:tracefs-access

Bug: 209513178
Bug: 214591300
Bug: 212364925
Change-Id: I6ce3d60983601087f2bb5801951fb5e1a86c1220
Merged-In: I6ce3d60983601087f2bb5801951fb5e1a86c1220

perfetto.rc

diff --git a/perfetto.rc b/perfetto.rc
index e8762fb..11cc42e 100644
--- a/perfetto.rc
+++ b/perfetto.rc
@@ -27,7 +27,7 @@
     user nobody
     # Despite the "log" group below, traced_probes is allowed to read log
     # only on userdebug/eng via selinux (see traced_probes.te).
-    group nobody readproc log
+    group nobody readproc log readtracefs
     writepid /dev/cpuset/system-background/tasks
     # Clean up procfs configuration even if traced_probes crashes
     # unexpectedly.

traced_perf.rc

diff --git a/traced_perf.rc b/traced_perf.rc
index 692977c..cc8d4e8 100644
--- a/traced_perf.rc
+++ b/traced_perf.rc
@@ -25,7 +25,7 @@
     disabled
     socket traced_perf stream 0666 root root
     user nobody
-    group nobody readproc
+    group nobody readproc readtracefs
     capabilities KILL DAC_READ_SEARCH
     writepid /dev/cpuset/foreground/tasks