I used to be able to run systrace on my Nexus 6, but recently it stopped working (probably after one of the recent monthly updates): systrace hangs trying to download the trace off my device.

In adb logcat, I see a bunch of lines like

05-26 14:57:08.567  4933  4933 W <my.app.package>: type=1400 audit(0.0:23388710): avc: denied { getattr } for comm=66627379737472616365206E6F7469 path="/sys/kernel/debug/tracing/trace" dev="debugfs" ino=4158 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0

I know systrace uses debugfs, and this appears to be a SELinux permission issue (see https://source.android.com/security/selinux/validate.html). Has anyone got this working again?

Foxichu

1 Answer


This is by design. Debugfs has a lot of dangerous bits in it, hence the split to tracefs. For more information these articles are handy:

In system/sepolicy on AOSP, one can find neverallows on this:

96b1c9ca (Nick Kralevich 2015-12-17 16:38:21 -0800 564) neverallow { domain -init -system_server -dumpstate } debugfs:file no_rw_file_perms;

As well as read for untrusted_app (which is covered by the above and seems superfluous):

$ git blame -L106,106 untrusted_app.te
96b1c9ca (Nick Kralevich 2015-12-17 16:38:21 -0800 106) neverallow untrusted_app debugfs_type:file read;

By the way, if you get hex-encoded comm fields, one can decode them like so, using Python:

# Python 3; str.decode('hex') only exists in Python 2
bytes.fromhex('66627379737472616365206E6F7469').decode()
'fbsystrace noti'
William Roberts
    This begs the question: if debugfs was deliberately turned off, and systrace is still supported, why isn't systrace using tracefs? Is the OP doing something wrong, or is systrace simply broken on the currently-shipping Nexus 6 software? – fadden Jun 13 '16 at 23:06
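
The decoding step from the answer, extended into a small parser for whole AVC lines; this is an added example, not code from the question, the answer, or AOSP. The names parse_avc, decode_field and STRING_FIELDS are made up for this sketch, and SAMPLE is the denial quoted in the question. It relies on the kernel audit behaviour of printing string fields either in double quotes or, when they contain spaces or other special characters, as bare hex.

```python
import re

# The denial quoted in the question, copied unchanged.
SAMPLE = (
    '05-26 14:57:08.567  4933  4933 W <my.app.package>: type=1400 '
    'audit(0.0:23388710): avc: denied { getattr } for '
    'comm=66627379737472616365206E6F7469 '
    'path="/sys/kernel/debug/tracing/trace" dev="debugfs" ino=4158 '
    'scontext=u:r:untrusted_app:s0:c512,c768 '
    'tcontext=u:object_r:debugfs:s0 tclass=file permissive=0'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX_RE = re.compile(r'(?:[0-9A-Fa-f]{2})+')
# Fields that carry strings; numeric fields such as ino must not be hex-decoded.
STRING_FIELDS = {'comm', 'path', 'name', 'exe'}


def decode_field(key, raw):
    """Return the readable value of one key=value pair from an AVC line."""
    if raw.startswith('"'):
        # Quoted values are printed literally, even if they look like hex.
        return raw.strip('"')
    if key in STRING_FIELDS and HEX_RE.fullmatch(raw):
        # Bare hex in a string field is an encoded string (here: a comm with a space).
        return bytes.fromhex(raw).decode('utf-8', errors='replace')
    return raw


def parse_avc(line):
    """Parse one logcat/audit line; return a dict, or None if it has no AVC record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    decision, perms, rest = m.groups()
    rec = {k: decode_field(k, v) for k, v in KV_RE.findall(rest)}
    rec['decision'] = decision
    rec['perms'] = perms.split()
    # Contexts are user:role:type:level[:categories]; the type is the third part.
    for ctx, out in (('scontext', 'source_type'), ('tcontext', 'target_type')):
        if ctx in rec:
            rec[out] = rec[ctx].split(':')[2]
    return rec


if __name__ == '__main__':
    r = parse_avc(SAMPLE)
    print(f"{r['decision']}: {r['source_type']} -> {r['target_type']}:"
          f"{r['tclass']} {r['perms']} by {r['comm']!r} on {r['path']}")
```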