1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #if defined(__ANDROID__)
18 #include <android-base/properties.h>
19 #endif
20 
21 #include "command.h"
22 #include "environment.h"
23 #include "utils.h"
24 
25 using namespace simpleperf;
26 
27 #if defined(__ANDROID__)
28 
AndroidSecurityCheck()29 bool AndroidSecurityCheck() {
30   if (IsRoot()) {
31     return true;
32   }
33   // Simpleperf can be executed by the shell, or by apps themselves. To avoid malicious apps
34   // exploiting perf_event_open interface via simpleperf, simpleperf needs proof that the user
35   // is expecting simpleperf to be ran:
36   //   1) On Android < 11, perf_event_open is secured by perf_event_allow_path, which is controlled
37   // by security.perf_harden property. perf_event_open syscall can be used only after user setting
38   // security.perf_harden to 0 in shell. So we don't need to check security.perf_harden explicitly.
39   //   2) On Android >= 11, perf_event_open may be controlled by selinux instead of
40   // perf_event_allow_path. So we need to check security.perf_harden explicitly. If simpleperf is
41   // running via shell, we already know the origin of the request is the user, so set the property
42   // ourselves for convenience. When started by the app, we won't have the permission to set the
43   // property, so the user will need to prove this intent by setting it manually via shell.
44   //   3) On Android >= 13, besides perf_harden property, we use persist properties to allow an app
45   // profiling itself even after device reboot. User needs to set the uid of the app which wants to
46   // profile itself. And the permission has an expiration time.
47   int android_version = GetAndroidVersion();
48   if (android_version >= 13) {
49     if (IsInAppUid() && android::base::GetUintProperty("persist.simpleperf.profile_app_uid", 0u,
50                                                        UINT_MAX) == getuid()) {
51       if (android::base::GetUintProperty<uint64_t>("persist.simpleperf.profile_app_expiration_time",
52                                                    0, UINT64_MAX) > time(nullptr)) {
53         return true;
54       }
55     }
56   }
57   if (android_version >= 11) {
58     std::string prop_name = "security.perf_harden";
59     if (android::base::GetProperty(prop_name, "") != "0") {
60       if (!android::base::SetProperty(prop_name, "0")) {
61         fprintf(stderr,
62                 "failed to set system property security.perf_harden to 0.\n"
63                 "Try using `adb shell setprop security.perf_harden 0` to allow profiling.\n");
64         return false;
65       }
66     }
67   }
68   return true;
69 }
70 
71 #endif
72 
main(int argc,char ** argv)73 int main(int argc, char** argv) {
74 #if defined(__ANDROID__)
75   if (!AndroidSecurityCheck()) {
76     return 1;
77   }
78 #endif
79   RegisterAllCommands();
80   return RunSimpleperfCmd(argc, argv) ? 0 : 1;
81 }
82