field | value | date |
---|---|---|
author | Ryan Savitski <rsavitski@google.com> | 2020-10-28 18:01:35 +0000 |
committer | Ryan Savitski <rsavitski@google.com> | 2020-10-29 17:41:36 +0000 |
commit | ea93f110d2c183c9214d18f4290daa73ff0ab84a | |
tree | f54d12c8f7217eeffab21f16c06cc9feb1d49421 /trusty/coverage/coverage.cpp | |
parent | 49a428b62e233008ead1fd1c832d7a528d67b7ee | |

dev devices with permissive boot: disable perf_event_paranoid

Some functionality based on eBPF attached to tracepoints (gpu memory
accounting and time-in-state) relies on newer devices running with
"disabled" perf_event_paranoid controls as a result of the kernel having
LSM hooks in the perf_event_open syscall instead. This is tested
for, and set up by init via the sys.init.perf_lsm_hooks sysprop.

Development devices that boot into permissive mode still want the
eBPF-based functionality to work, but end up with a paranoid value that
disallows the syscall, as the LSM hook test expects to observe a SELinux
denial (which doesn't happen due to permissiveness).

As a pragmatic way of achieving the paranoid value override, we pretend
that the hook test has succeeded if we detect permissive SELinux during
second-stage init. It'd be nicer if we had a sysprop to reflect the
device's on-boot status of SELinux, but it's not worth adding for this
case.

BYPASS_INCLUSIVE_LANGUAGE_REASON=technical term
Bug: 170674916
Tested: booted crosshatch-userdebug with permissive kernel cmdline,
confirmed that the log message from the new codepath was present
in logcat, sysprop is 1, and paranoid is -1.
Change-Id: I9df5da2076cdbd777d35e50e8cd7a483ec85e20a

Diffstat (limited to 'trusty/coverage/coverage.cpp')
0 files changed, 0 insertions, 0 deletions