Update priv_app selinux policy to allow gmscore to be able to communicate with...

Update priv_app selinux policy to allow gmscore to be able to communicate with statsd am: 31b11d8e am: 2722dd43 Change-Id: I7b480b4f6c1beca41c15f8ebd8e502bd1178196b

Update priv_app selinux policy to allow gmscore to be able to communicate with...
Update priv_app selinux policy to allow gmscore to be able to communicate with statsd am: 31b11d8e am: 2722dd43 Change-Id: I7b480b4f6c1beca41c15f8ebd8e502bd1178196b
64a01931 · yro · android-build-merger · 45b0aa33 · 2722dd43 · 64a01931
Commit 64a01931 authored 7 years ago by yro Committed by android-build-merger 7 years ago
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -21,22 +21,23 @@ allow priv_app self:process ptrace;
 # to their sandbox directory and then dlopen().
 allow priv_app app_data_file:file execute;
+allow priv_app app_api_service:service_manager find;
 allow priv_app audioserver_service:service_manager find;
 allow priv_app cameraserver_service:service_manager find;
 allow priv_app drmserver_service:service_manager find;
 allow priv_app mediacodec_service:service_manager find;
-allow priv_app mediametrics_service:service_manager find;
 allow priv_app mediadrmserver_service:service_manager find;
 allow priv_app mediaextractor_service:service_manager find;
+allow priv_app mediametrics_service:service_manager find;
 allow priv_app mediaserver_service:service_manager find;
 allow priv_app network_watchlist_service:service_manager find;
 allow priv_app nfc_service:service_manager find;
 allow priv_app oem_lock_service:service_manager find;
-allow priv_app radio_service:service_manager find;
-allow priv_app app_api_service:service_manager find;
-allow priv_app system_api_service:service_manager find;
 allow priv_app persistent_data_block_service:service_manager find;
+allow priv_app radio_service:service_manager find;
 allow priv_app recovery_service:service_manager find;
+allow priv_app stats_service:service_manager find;
+allow priv_app system_api_service:service_manager find;
 # Write to /cache.
 allow priv_app { cache_file cache_recovery_file }:dir create_dir_perms;
@@ -95,6 +96,9 @@ allow priv_app update_engine_service:service_manager find;
 binder_call(priv_app, storaged)
 allow priv_app storaged_service:service_manager find;
+# Allow GMS core to communicate with statsd.
+binder_call(priv_app, statsd)
 # Allow Phone to read/write cached ringtones (opened by system).
 allow priv_app ringtone_file:file { getattr read write };

--- a/private/statsd.te
+++ b/private/statsd.te
@@ -55,6 +55,7 @@ binder_call(statsd, stats)
 neverallow {
  domain
  -dumpstate
+  -priv_app
  -shell
  -stats
  -statsd