Merge "Statsd allow shell in selinux policy"

5670dd1f · Treehugger Robot · Gerrit Code Review · 2732f149 · 022ab0e7 · 5670dd1f
Commit 5670dd1f authored 7 years ago by Treehugger Robot Committed by Gerrit Code Review 7 years ago
--- a/private/shell.te
+++ b/private/shell.te
@@ -45,6 +45,9 @@ domain_auto_trans(shell, vendor_shell_exec, vendor_shell)
 # when exec()-d by statsd.
 domain_auto_trans(shell, perfetto_exec, perfetto)
+# Allow shell to run adb shell cmd stats commands. Needed for CTS.
+binder_call(shell, statsd);
 # Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
 allow shell perfetto_traces_data_file:dir rw_dir_perms;
 allow shell perfetto_traces_data_file:file r_file_perms;
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -72,6 +72,11 @@ binder_call(statsd, stats)
 allow statsd proc_uid_cputime_showstat:file { getattr open read };
 hal_client_domain(statsd, hal_power)
+# Allow 'adb shell cmd' to upload configs and download output.
+allow statsd adbd:fd use;
+allow statsd adbd:unix_stream_socket { read write };
 ###
 ### neverallow rules
 ###

--- a/private/system_app.te
+++ b/private/system_app.te
@@ -58,6 +58,9 @@ allow system_app anr_data_file:file create_file_perms;
 # Settings need to access app name and icon from asec
 allow system_app asec_apk_file:file r_file_perms;
+# Allow system apps (like Settings) to interact with statsd
+binder_call(system_app, statsd)
 # Allow system apps to interact with incidentd
 binder_call(system_app, incidentd)