Revert "Setting up SELinux policy for statsd and stats service"

This reverts commit 5744cbdf. Reason for revert: aosp_dragon-userdebug build broken Change-Id: I5f8180273c32119ae9839f31610bbca37cd05c65

Revert "Setting up SELinux policy for statsd and stats service"
d496ea7a · Howard Ro · 5744cbdf · d496ea7a · d496ea7a · d496ea7a
Commit d496ea7a authored Dec 16, 2017 by Howard Ro
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -28,13 +28,6 @@
    package_native_service
    property_info
    slice_service
-    stats
-    stats_data_file
-    stats_exec
-    stats_service
-    statsd
-    statsd_exec
-    statsd_tmpfs
    statscompanion_service
    storaged_data_file
    sysfs_fs_ext4_features


--- a/private/file.te
+++ b/private/file.te
 # /proc/config.gz
 type config_gz, fs_type;
-# /data/misc/stats-data, /data/misc/stats-service
-type stats_data_file, file_type, data_file_type, core_data_file_type;
 # /data/misc/storaged
 type storaged_data_file, file_type, data_file_type, core_data_file_type;


--- a/private/file_contexts
+++ b/private/file_contexts
@@ -277,8 +277,6 @@
 /system/bin/vr_hwc               u:object_r:vr_hwc_exec:s0
 /system/bin/adbd                 u:object_r:adbd_exec:s0
 /system/bin/vold_prepare_subdirs u:object_r:vold_prepare_subdirs_exec:s0
-/system/bin/stats                u:object_r:stats_exec:s0
-/system/bin/statsd               u:object_r:statsd_exec:s0
 #############################
 # Vendor files
@@ -386,8 +384,6 @@
 /data/misc/recovery(/.*)?       u:object_r:recovery_data_file:s0
 /data/misc/shared_relro(/.*)?   u:object_r:shared_relro_file:s0
 /data/misc/sms(/.*)?            u:object_r:radio_data_file:s0
-/data/misc/stats-data(/.*)?     u:object_r:stats_data_file:s0
-/data/misc/stats-service(/.*)?  u:object_r:stats_data_file:s0
 /data/misc/systemkeys(/.*)?     u:object_r:systemkeys_data_file:s0
 /data/misc/textclassifier(/.*)?       u:object_r:textclassifier_data_file:s0
 /data/misc/user(/.*)?           u:object_r:misc_user_data_file:s0


--- a/private/service.te
+++ b/private/service.te
-type stats_service, service_manager_type;
-type statscompanion_service, system_server_service, service_manager_type;
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -142,7 +142,6 @@ simphonebook2                             u:object_r:radio_service:s0
 simphonebook                              u:object_r:radio_service:s0
 sip                                       u:object_r:radio_service:s0
 slice                                     u:object_r:slice_service:s0
-stats                                     u:object_r:stats_service:s0
 statscompanion                            u:object_r:statscompanion_service:s0
 soundtrigger                              u:object_r:voiceinteraction_service:s0
 statusbar                                 u:object_r:statusbar_service:s0


--- a/private/stats.te
+++ b/private/stats.te
-type stats, domain;
-typeattribute stats coredomain;
-type stats_exec, exec_type, file_type;
-# switch to stats domain for stats command
-domain_auto_trans(shell, stats_exec, stats)
-# allow stats access to stdout from its parent shell.
-allow stats shell:fd use;
-# allow stats to communicate use, read and write over the adb
-# connection.
-allow stats adbd:fd use;
-allow stats adbd:unix_stream_socket { read write };
-# allow adbd to reap stats
-allow stats adbd:process { sigchld };
-# Allow the stats command to talk to the statsd over the binder, and get
-# back the stats report data from a ParcelFileDescriptor.
-binder_use(stats)
-allow stats stats_service:service_manager find;
-binder_call(stats, statsd)
-allow stats statsd:fifo_file write;
--- a/private/statsd.te
+++ b/private/statsd.te
-type statsd, domain;
-typeattribute statsd coredomain;
-init_daemon_domain(statsd)
-type statsd_exec, exec_type, file_type;
-binder_use(statsd)
-# Allow statsd to scan through /proc/pid for all processes.
-r_dir_file(statsd, domain)
-# Allow executing files on system, such as running a shell or running:
-#   /system/bin/toolbox
-#   /system/bin/logcat
-#   /system/bin/dumpsys
-allow statsd shell_exec:file rx_file_perms;
-allow statsd system_file:file execute_no_trans;
-allow statsd toolbox_exec:file rx_file_perms;
-# Create, read, and write into /data/misc/stats-data, /data/misc/stats-system.
-allow statsd stats_data_file:dir create_dir_perms;
-allow statsd stats_data_file:file create_file_perms;
-# Allow statsd to make binder calls to any binder service.
-binder_call(statsd, appdomain)
-binder_call(statsd, incidentd)
-binder_call(statsd, statscompanion_service)
-# Allow logd access.
-read_logd(statsd)
-control_logd(statsd)
-# Grant statsd with permissions to register the services.
-allow statsd {
-  statscompanion_service
-  app_api_service
-  system_api_service
-}:service_manager find;
-# Only statsd can publish the binder service.
-add_service(statsd, stats_service)
-# Allow pipes from (and only from) stats.
-allow statsd stats:fd use;
-allow statsd stats:fifo_file write;
-# Allow statsd to call back to stats with status updates.
-binder_call(statsd, stats)
-###
-### neverallow rules
-###
-# Only system_server, system_app, and stats command can find the stats service.
-neverallow {
-  domain
-  -dumpstate
-  -shell
-  -stats
-  -statsd
-  -system_app
-  -system_server
-} stats_service:service_manager find;
-# Only statsd and the other root services in limited circumstances.
-# can get to the files in /data/misc/stats-data, /data/misc/stats-service.
-# Other services are prohibitted from accessing the file.
-neverallow { domain -statsd -init -vold -vendor_init } stats_data_file:file *;
-# Limited access to the directory itself.
-neverallow { domain -statsd -init -vold -vendor_init } stats_data_file:dir *;
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -169,7 +169,6 @@ binder_call(system_server, gatekeeperd)
 binder_call(system_server, installd)
 binder_call(system_server, incidentd)
 binder_call(system_server, netd)
-binder_call(system_server, statsd)
 binder_call(system_server, storaged)
 binder_call(system_server, vold)
 binder_call(system_server, wificond)
@@ -579,7 +578,6 @@ allow system_server mediadrmserver_service:service_manager find;
 allow system_server netd_service:service_manager find;
 allow system_server nfc_service:service_manager find;
 allow system_server radio_service:service_manager find;
-allow system_server stats_service:service_manager find;
 allow system_server storaged_service:service_manager find;
 allow system_server surfaceflinger_service:service_manager find;
 allow system_server vold_service:service_manager find;
@@ -802,3 +800,5 @@ neverallow system_server { domain -system_server }:process ptrace;
 # file read access. However, that is now unnecessary (b/34951864)
 neverallow system_server system_server:global_capability_class_set sys_resource;
+# TODO(b/67468181): Remove following lines upon resolution of this bug
+dontaudit system_server statscompanion_service:service_manager { add find };
--- a/public/service.te
+++ b/public/service.te
@@ -21,6 +21,7 @@ type mediadrmserver_service,    service_manager_type;
 type netd_service,              service_manager_type;
 type nfc_service,               service_manager_type;
 type radio_service,             service_manager_type;
+type statscompanion_service,    service_manager_type;
 type storaged_service,          service_manager_type;
 type surfaceflinger_service,    app_api_service, ephemeral_app_api_service, service_manager_type;
 type system_app_service,        service_manager_type;