1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
/*
* Copyright (C) 2015 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#if defined(__ANDROID__)
#include <android-base/properties.h>
#endif
#include "command.h"
#include "environment.h"
#include "utils.h"
using namespace simpleperf;
#if defined(__ANDROID__)
bool AndroidSecurityCheck() {
if (IsRoot()) {
return true;
}
// Simpleperf can be executed by the shell, or by apps themselves. To avoid malicious apps
// exploiting perf_event_open interface via simpleperf, simpleperf needs proof that the user
// is expecting simpleperf to be ran:
// 1) On Android < 11, perf_event_open is secured by perf_event_allow_path, which is controlled
// by security.perf_harden property. perf_event_open syscall can be used only after user setting
// security.perf_harden to 0 in shell. So we don't need to check security.perf_harden explicitly.
// 2) On Android >= 11, perf_event_open may be controlled by selinux instead of
// perf_event_allow_path. So we need to check security.perf_harden explicitly. If simpleperf is
// running via shell, we already know the origin of the request is the user, so set the property
// ourselves for convenience. When started by the app, we won't have the permission to set the
// property, so the user will need to prove this intent by setting it manually via shell.
// 3) On Android >= 13, besides perf_harden property, we use persist properties to allow an app
// profiling itself even after device reboot. User needs to set the uid of the app which wants to
// profile itself. And the permission has an expiration time.
int android_version = GetAndroidVersion();
if (android_version >= 13) {
if (IsInAppUid() && android::base::GetUintProperty("persist.simpleperf.profile_app_uid", 0u,
UINT_MAX) == getuid()) {
if (android::base::GetUintProperty<uint64_t>("persist.simpleperf.profile_app_expiration_time",
0, UINT64_MAX) > time(nullptr)) {
return true;
}
}
}
if (android_version >= 11) {
std::string prop_name = "security.perf_harden";
if (android::base::GetProperty(prop_name, "") != "0") {
if (!android::base::SetProperty(prop_name, "0")) {
fprintf(stderr,
"failed to set system property security.perf_harden to 0.\n"
"Try using `adb shell setprop security.perf_harden 0` to allow profiling.\n");
return false;
}
}
}
return true;
}
#endif
int main(int argc, char** argv) {
#if defined(__ANDROID__)
if (!AndroidSecurityCheck()) {
return 1;
}
#endif
RegisterAllCommands();
return RunSimpleperfCmd(argc, argv) ? 0 : 1;
}
|
