From 64c7a758b48986738f8fef2777d34c169dafd309 Mon Sep 17 00:00:00 2001
From: yro <yro@google.com>
Date: Fri, 20 Apr 2018 11:07:22 -0700
Subject: [PATCH] Setting up sepolicies for statsd planB of listening to its
 own socket

Test: manual
Bug: 78318738
Change-Id: I45c3511860fbe6a1de45c6930052a8865b38986a
---
 private/compat/26.0/26.0.ignore.cil | 2 ++
 private/compat/27.0/27.0.ignore.cil | 2 ++
 private/file.te                     | 2 ++
 private/file_contexts               | 1 +
 private/statsd.te                   | 9 ++++++++-
 5 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 94a37d6ab..42071c9a4 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -90,6 +90,8 @@
     statsd
     statsd_exec
     statsd_tmpfs
+    statsdw
+    statsdw_socket
     statscompanion_service
     storaged_data_file
     sysfs_fs_ext4_features
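Review bot: `statsdw` is added to the new-objects list here, but the only type this patch declares is `statsdw_socket` (in private/file.te); no `type statsdw` is visible in any hunk. In private/statsd.te, `statsdw` appears only as the socket-name argument of `unix_socket_send`, which expands to `statsdw_socket`, so it is not a type in its own right. Unless `statsdw` is declared somewhere outside this patch, the entry should be dropped so the ignore list names only real new types. The same applies to the identical addition in private/compat/27.0/27.0.ignore.cil.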
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 31d08e9ce..d74139a0c 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -77,6 +77,8 @@
     statsd
     statsd_exec
     statsd_tmpfs
+    statsdw
+    statsdw_socket
     storaged_data_file
     system_boot_reason_prop
     system_update_service
diff --git a/private/file.te b/private/file.te
index fda972b48..58ee0def8 100644
--- a/private/file.te
+++ b/private/file.te
@@ -4,6 +4,8 @@ type config_gz, fs_type, proc_type;
 # /data/misc/stats-data, /data/misc/stats-service
 type stats_data_file, file_type, data_file_type, core_data_file_type;
 
+type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
+
 # /data/misc/storaged
 type storaged_data_file, file_type, data_file_type, core_data_file_type;
 
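Review bot: The new `statsdw_socket` declaration has no path comment, unlike the `stats_data_file` and `storaged_data_file` declarations around it, and nothing says why it carries `mlstrustedobject`. That attribute takes the socket file out of MLS enforcement, so a one-line rationale helps later audits: `# /dev/socket/statsdw: write-only stats socket; mlstrustedobject so writers at any MLS level can reach it`. The reason given in that comment is inferred from the sender list in private/statsd.te, which includes `platform_app`, and should be confirmed by the author.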
diff --git a/private/file_contexts b/private/file_contexts
index 31cc59d54..348878714 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -133,6 +133,7 @@
 /dev/socket/logd	u:object_r:logd_socket:s0
 /dev/socket/logdr	u:object_r:logdr_socket:s0
 /dev/socket/logdw	u:object_r:logdw_socket:s0
+/dev/socket/statsdw	u:object_r:statsdw_socket:s0
 /dev/socket/mdns	u:object_r:mdns_socket:s0
 /dev/socket/mdnsd	u:object_r:mdnsd_socket:s0
 /dev/socket/mtpd	u:object_r:mtpd_socket:s0
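Review bot: The `/dev/socket/statsdw` entry is placed between `logdw` and `mdns`, which breaks the alphabetical order the visible neighbours follow. Moving it next to the other `/dev/socket/s*` entries (presumably further down, outside this hunk) keeps the file easy to scan for duplicate or shadowing paths.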
diff --git a/private/statsd.te b/private/statsd.te
index 06d6e01e6..769b4e017 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -1,4 +1,4 @@
-type statsd, domain;
+type statsd, domain, mlstrustedsubject;
 typeattribute statsd coredomain;
 
 init_daemon_domain(statsd)
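Review bot: Adding `mlstrustedsubject` to the `statsd` type exempts the daemon from MLS constraints on every access it makes, not only on the new datagram socket. It is presumably needed so that `sendto` from senders at other MLS levels passes, but nothing in the hunk says so. I would add a comment above the declaration such as `# mlstrustedsubject: needed to receive on statsdw from domains at other MLS levels; keep allow rules on app data narrow`. It is also worth checking that no existing statsd rule on app-owned files relied on MLS separation as its only barrier.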
@@ -82,6 +82,13 @@ allow statsd adbd:fd use;
 allow statsd adbd:unix_stream_socket { getattr read write };
 allow statsd shell:fifo_file { getattr read };
 
+unix_socket_send(bluetooth, statsdw, statsd)
+unix_socket_send(bootstat, statsdw, statsd)
+unix_socket_send(platform_app, statsdw, statsd)
+unix_socket_send(radio, statsdw, statsd)
+unix_socket_send(statsd, statsdw, statsd)
+unix_socket_send(system_server, statsdw, statsd)
+
 ###
 ### neverallow rules
 ###
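Review bot: The six `unix_socket_send(..., statsdw, statsd)` grants have no comment and no matching neverallow, although they sit directly above the neverallow section (whose rules are outside this hunk). Because the socket is `mlstrustedobject` and `platform_app` is among the writers, the writer set is the only thing limiting who can feed statsd, so it is worth pinning: `neverallow { domain -bluetooth -bootstat -platform_app -radio -statsd -system_server } statsdw_socket:sock_file write;`. That line needs a build check against rules I cannot see here. A header such as `# Domains allowed to send stats to statsd over /dev/socket/statsdw` would also help, and statsd should treat everything it reads from this socket as untrusted input.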
-- 
GitLab