On Wed, 2016-10-19 at 10:41 +0100, Mark Rutland wrote: > On Mon, Oct 17, 2016 at 10:54:33AM -0400, Daniel Micay wrote: > > On Mon, 2016-10-17 at 14:44 +0100, Mark Rutland wrote: > > > It's also my understanding that for Android, perf_event_paranoid > > > is > > > lowered when the user enables developer mode (rather than only > > > when an > > > external debugger is attached); is that correct? > > > > It's exposed as a "system property" marked as writable by the shell > > user, so the Android Debug Bridge shell can lower it. The debugging > > tools learned how to toggle it off automatically when they're used. > > It > > intentionally isn't a persist. prefixed property so the setting also > > goes away on reboot. > > > > ADB (incl. the shell user) isn't available until developer mode is > > enabled + ADB is toggled on in the developer settings, and then it > > still > > requires whitelisting keys. > > Ah; so I'd misunderstood somewhat. > > I was under the (clearly mistaken) impression that this was lowered > when > developer mode was enabled, rather than only when it was both enabled > and ADB was connected, for example. > > Thanks for clearing that up! ADB provides a shell as the 'shell' user, and that user has the ability to toggle the sysctl. So profiling tools were able to be taught to do that automatically. It's the only way that the 'shell' user is actually exposed. For example, a terminal app just runs in the untrusted_app SELinux domain as a unique unprivileged uid/gid pair, not as the much more privileged ADB 'shell' domain. So it doesn't actually get toggled off you use ADB to do something else. ADB itself is pretty much comparable to SSH, but over USB (i.e. key- based way of getting a shell). The 'shell' user has tools like 'run-as' to be able to run things as various apps (if they are marked debuggable), so in theory it could be finer-grained and act only there, for the app being debugged. It would be really hard to cover all use cases and maybe things other than apps though (although in an Android 'user' build, the base system itself isn't very debuggable, you really need 'userdebug' or 'eng' which isn't what ships on end user devices).
Attachment:
signature.asc
Description: This is a digitally signed message part