From 578a189178635f7d486522310293e66e9f980fba Mon Sep 17 00:00:00 2001
From: Howard Ro <yro@google.com>
Date: Fri, 28 Sep 2018 13:34:37 -0700
Subject: [PATCH] Update sepolicies for stats hal

Bug: 116732452
Test: No sepolicy violations observed with this change
(cherry picked from commit I1958182dd8ecc496625da2a2a834f71f5d43e7bb)

Change-Id: Ib386767d8acfacf9fedafd9a79dd555ce233f41c
---
 private/compat/26.0/26.0.ignore.cil | 1 +
 private/compat/27.0/27.0.ignore.cil | 1 +
 private/compat/28.0/28.0.ignore.cil | 1 +
 private/hwservice_contexts          | 1 +
 public/hwservice.te                 | 1 +
 public/statsd.te                    | 3 +++
 6 files changed, 8 insertions(+)

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index c585b668c..5f4950c8a 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -57,6 +57,7 @@
     fastbootd
     fingerprint_vendor_data_file
     fs_bpf
+    fwk_stats_hwservice
     hal_atrace_hwservice
     hal_audiocontrol_hwservice
     hal_authsecret_hwservice
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 95d820e08..891f1a3d6 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -53,6 +53,7 @@
     fastbootd
     fingerprint_vendor_data_file
     fs_bpf
+    fwk_stats_hwservice
     hal_atrace_hwservice
     hal_audiocontrol_hwservice
     hal_authsecret_hwservice
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 4add5c689..4310f0302 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -10,6 +10,7 @@
     ;; TODO(b/116344577): remove after the issue is resolved
     buffer_hub_service
     fastbootd
+    fwk_stats_hwservice
     color_display_service
     hal_atrace_hwservice
     hal_health_storage_hwservice
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index f12385fc1..e7354a74c 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -1,6 +1,7 @@
 android.frameworks.displayservice::IDisplayService              u:object_r:fwk_display_hwservice:s0
 android.frameworks.schedulerservice::ISchedulingPolicyService   u:object_r:fwk_scheduler_hwservice:s0
 android.frameworks.sensorservice::ISensorManager                u:object_r:fwk_sensor_hwservice:s0
+android.frameworks.stats::IStats                                u:object_r:fwk_stats_hwservice:s0
 android.hardware.atrace::IAtraceDevice                          u:object_r:hal_atrace_hwservice:s0
 android.hardware.audio.effect::IEffectsFactory                  u:object_r:hal_audio_hwservice:s0
 android.hardware.audio::IDevicesFactory                         u:object_r:hal_audio_hwservice:s0
diff --git a/public/hwservice.te b/public/hwservice.te
index e7ef2bb85..0064d9de3 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -2,6 +2,7 @@ type default_android_hwservice, hwservice_manager_type;
 type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice;
 type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice;
 type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice;
+type fwk_stats_hwservice, hwservice_manager_type, coredomain_hwservice;
 type hal_atrace_hwservice, hwservice_manager_type;
 type hal_audiocontrol_hwservice, hwservice_manager_type;
 type hal_audio_hwservice, hwservice_manager_type;
diff --git a/public/statsd.te b/public/statsd.te
index 9c8e9d24c..384ce8a59 100644
--- a/public/statsd.te
+++ b/public/statsd.te
@@ -46,6 +46,9 @@ allow statsd {
   system_api_service
 }:service_manager find;
 
+# Allow statsd to add as HIDL service.
+add_hwservice(statsd, fwk_stats_hwservice)
+
 # Grant statsd to access health hal to access battery metrics.
 allow statsd hal_health_hwservice:hwservice_manager find;
 
-- 
GitLab