Update statsd sepolicies to avoid selinux violations during cts tests and...

Update statsd sepolicies to avoid selinux violations during cts tests and pulling metrics am: e27af27f am: 955e543a am: 941c04ac Change-Id: I0b4408a14708e5cd657f483bb8802dc7e98ec913

Update statsd sepolicies to avoid selinux violations during cts tests and...
Update statsd sepolicies to avoid selinux violations during cts tests and pulling metrics am: e27af27f am: 955e543a am: 941c04ac Change-Id: I0b4408a14708e5cd657f483bb8802dc7e98ec913
d0996e32 · yro · android-build-merger · 214f4796 · 941c04ac · d0996e32
Commit d0996e32 authored 7 years ago by yro Committed by android-build-merger 7 years ago
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -13,10 +13,15 @@ r_dir_file(statsd, domain)
 #   /system/bin/toolbox
 #   /system/bin/logcat
 #   /system/bin/dumpsys
+allow statsd devpts:chr_file { getattr ioctl read write };
 allow statsd shell_exec:file rx_file_perms;
 allow statsd system_file:file execute_no_trans;
 allow statsd toolbox_exec:file rx_file_perms;

+userdebug_or_eng(`
+  allow statsd su:fifo_file read;
+')
+
 # Create, read, and write into /data/misc/stats-data, /data/misc/stats-system.
 allow statsd stats_data_file:dir create_dir_perms;
 allow statsd stats_data_file:file create_file_perms;
@@ -25,6 +30,7 @@ allow statsd stats_data_file:file create_file_perms;
 binder_call(statsd, appdomain)
 binder_call(statsd, incidentd)
 binder_call(statsd, statscompanion_service)
+binder_call(statsd, system_server)

 # Allow logd access.
 read_logd(statsd)
@@ -50,6 +56,10 @@ allow statsd stats:fifo_file write;
 # Allow statsd to call back to stats with status updates.
 binder_call(statsd, stats)

+# Allow access to with hardware layer and process stats.
+allow statsd proc_uid_cputime_showstat:file { getattr open read };
+hal_client_domain(statsd, hal_power)
+
 ###
 ### neverallow rules
 ###