Snap for 6139873 from 6144f9263204bf475b3c2e70671769827e6cc244 to pie-cts-release

Change-Id: Iad1478fd9c92a88b43f87cd62504606d80d163f3
diff --git a/private/file.te b/private/file.te
index 58ee0de..8d18a90 100644
--- a/private/file.te
+++ b/private/file.te
@@ -1,11 +1,6 @@
 # /proc/config.gz
 type config_gz, fs_type, proc_type;
 
-# /data/misc/stats-data, /data/misc/stats-service
-type stats_data_file, file_type, data_file_type, core_data_file_type;
-
-type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
-
 # /data/misc/storaged
 type storaged_data_file, file_type, data_file_type, core_data_file_type;
 
diff --git a/private/platform_app.te b/private/platform_app.te
index 6d6ec98..408644f 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -60,6 +60,10 @@
 allow platform_app app_api_service:service_manager find;
 allow platform_app system_api_service:service_manager find;
 allow platform_app vr_manager_service:service_manager find;
+allow platform_app stats_service:service_manager find;
+
+# Allow platform apps to log via statsd.
+allow platform_app statsd:binder call;
 
 # Access to /data/preloads
 allow platform_app preloads_data_file:file r_file_perms;
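Review bot: The new `allow platform_app stats_service:service_manager find;` line is separated from the comment that explains it, so the `find` reads as part of the generic service list and only the binder call is documented. Put one comment above both lines, e.g. `# Allow platform apps to find stats_service and log via statsd over binder.`. The raw `statsd:binder call` is narrower than the `binder_call()` macro used in private/stats.te (no transfer, no fd use), which looks deliberate. Saying so in the comment would keep a later cleanup from widening it to the macro.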
diff --git a/private/stats.te b/private/stats.te
index be8cfbd..c1d30ac 100644
--- a/private/stats.te
+++ b/private/stats.te
@@ -23,3 +23,30 @@
 binder_call(stats, statsd)
 allow stats statsd:fifo_file write;
 
+# Only statsd can publish the binder service.
+add_service(statsd, stats_service)
+
+# Allow pipes from (and only from) stats.
+allow statsd stats:fd use;
+allow statsd stats:fifo_file write;
+
+# Allow statsd to call back to stats with status updates.
+binder_call(statsd, stats)
+
+###
+### neverallow rules
+###
+
+# Only system_server, system_app, traceur_app, and stats command can find the stats service.
+neverallow {
+  domain
+  -dumpstate
+  -platform_app
+  -priv_app
+  -shell
+  -stats
+  -statsd
+  -system_app
+  -system_server
+  -traceur_app
+} stats_service:service_manager find;
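Review bot: The comment above the `neverallow` names four callers, but the exemption list has nine domains, and this change adds `-platform_app` without updating it. Readers check the list against that comment, so it should match: `# Only dumpstate, platform_app, priv_app, shell, stats, statsd, system_app, system_server and traceur_app can find the stats service.`. Separately, "from (and only from) stats" on the pipe rules states intent rather than enforcement, since an `allow` cannot exclude other sources. public/statsd.te in this same change also grants fifo access for dumpstate and shell, so `# Allow pipes from stats.` would be more accurate.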
diff --git a/private/statsd.te b/private/statsd.te
index 74b89c2..1e4c5b3 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -1,44 +1,8 @@
-type statsd, domain, mlstrustedsubject;
 typeattribute statsd coredomain;
 
 init_daemon_domain(statsd)
 
-type statsd_exec, exec_type, file_type;
-binder_use(statsd)
-
-# Allow statsd to scan through /proc/pid for all processes.
-r_dir_file(statsd, domain)
-
-# Allow executing files on system, such as running a shell or running:
-#   /system/bin/toolbox
-#   /system/bin/logcat
-#   /system/bin/dumpsys
-allow statsd devpts:chr_file { getattr ioctl read write };
-allow statsd shell_exec:file rx_file_perms;
-allow statsd system_file:file execute_no_trans;
-allow statsd toolbox_exec:file rx_file_perms;
-
-userdebug_or_eng(`
-  allow statsd su:fifo_file read;
-')
-
-# Create, read, and write into /data/misc/stats-data, /data/misc/stats-system.
-allow statsd stats_data_file:dir create_dir_perms;
-allow statsd stats_data_file:file create_file_perms;
-
-# Allow statsd to make binder calls to any binder service.
-binder_call(statsd, appdomain)
-binder_call(statsd, healthd)
-binder_call(statsd, incidentd)
-userdebug_or_eng(`
-  binder_call(statsd, perfprofd)
-')
 binder_call(statsd, statscompanion_service)
-binder_call(statsd, system_server)
-
-# Allow logd access.
-read_logd(statsd)
-control_logd(statsd)
 
 # Allow to exec the perfetto cmdline client and pass it the trace config on
 # stdint through a pipe. It allows statsd to  capture traces and hand them
@@ -48,69 +12,5 @@
 
 # Grant statsd with permissions to register the services.
 allow statsd {
-  app_api_service
-  incident_service
   statscompanion_service
-  system_api_service
 }:service_manager find;
-
-# Grant statsd to access health hal to access battery metrics.
-allow statsd hal_health_hwservice:hwservice_manager find;
-
-# Only statsd can publish the binder service.
-add_service(statsd, stats_service)
-
-# Allow pipes from (and only from) stats.
-allow statsd stats:fd use;
-allow statsd stats:fifo_file write;
-
-# Allow statsd to send dump info to dumpstate
-allow statsd dumpstate:fd use;
-allow statsd dumpstate:fifo_file { getattr write };
-
-# Allow statsd to call back to stats with status updates.
-binder_call(statsd, stats)
-
-# Allow access to with hardware layer and process stats.
-allow statsd proc_uid_cputime_showstat:file { getattr open read };
-hal_client_domain(statsd, hal_health)
-hal_client_domain(statsd, hal_power)
-hal_client_domain(statsd, hal_thermal)
-
-# Allow 'adb shell cmd' to upload configs and download output.
-allow statsd adbd:fd use;
-allow statsd adbd:unix_stream_socket { getattr read write };
-allow statsd shell:fifo_file { getattr read };
-
-unix_socket_send(bluetooth, statsdw, statsd)
-unix_socket_send(bootstat, statsdw, statsd)
-unix_socket_send(lmkd, statsdw, statsd)
-unix_socket_send(platform_app, statsdw, statsd)
-unix_socket_send(radio, statsdw, statsd)
-unix_socket_send(statsd, statsdw, statsd)
-unix_socket_send(system_server, statsdw, statsd)
-
-###
-### neverallow rules
-###
-
-# Only system_server, system_app, traceur_app, and stats command can find the stats service.
-neverallow {
-  domain
-  -dumpstate
-  -priv_app
-  -shell
-  -stats
-  -statsd
-  -system_app
-  -system_server
-  -traceur_app
-} stats_service:service_manager find;
-
-# Only statsd and the other root services in limited circumstances.
-# can get to the files in /data/misc/stats-data, /data/misc/stats-service.
-# Other services are prohibitted from accessing the file.
-neverallow { domain -statsd -system_server -init -vold } stats_data_file:file *;
-
-# Limited access to the directory itself.
-neverallow { domain -statsd -system_server -init -vold } stats_data_file:dir *;
diff --git a/public/app.te b/public/app.te
index 439c1f8..ce4cdca 100644
--- a/public/app.te
+++ b/public/app.te
@@ -162,6 +162,9 @@
 allow appdomain incidentd:fd use;
 allow appdomain incidentd:fifo_file { write getattr };
 
+# Allow apps to send information to statsd socket.
+unix_socket_send(appdomain, statsdw, statsd)
+
 # Write profiles /data/misc/profiles
 allow appdomain user_profile_data_file:dir { search write add_name };
 allow appdomain user_profile_data_file:file create_file_perms;
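Review bot: `unix_socket_send(appdomain, statsdw, statsd)` opens the statsd write socket to every domain carrying the `appdomain` attribute, where the rules removed from private/statsd.te listed only bluetooth, platform_app and radio among the app domains. If that attribute covers the untrusted and isolated app domains (its membership is not visible in this diff), SELinux no longer limits who can submit events. `statsdw_socket` is also `mlstrustedobject`, so MLS categories do not separate senders either. The comment should state the trust assumption, e.g. `# Any app may write to the statsd socket; statsd must validate and attribute events itself.`, or the grant should be narrowed to the app domains that actually log.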
diff --git a/public/file.te b/public/file.te
index ccfec15..a4d26dd 100644
--- a/public/file.te
+++ b/public/file.te
@@ -257,6 +257,7 @@
 type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 type recovery_data_file, file_type, data_file_type, core_data_file_type;
 type shared_relro_file, file_type, data_file_type, core_data_file_type;
+type stats_data_file, file_type, data_file_type, core_data_file_type;
 type systemkeys_data_file, file_type, data_file_type, core_data_file_type;
 type textclassifier_data_file, file_type, data_file_type, core_data_file_type;
 type trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
@@ -330,6 +331,7 @@
 type racoon_socket, file_type, coredomain_socket;
 type rild_socket, file_type;
 type rild_debug_socket, file_type;
+type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
 type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
 type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
 type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
diff --git a/public/statsd.te b/public/statsd.te
new file mode 100644
index 0000000..c108805
--- /dev/null
+++ b/public/statsd.te
@@ -0,0 +1,82 @@
+type statsd, domain, mlstrustedsubject;
+
+type statsd_exec, exec_type, file_type;
+binder_use(statsd)
+
+# Allow statsd to scan through /proc/pid for all processes.
+r_dir_file(statsd, domain)
+
+# Allow executing files on system, such as running a shell or running:
+#   /system/bin/toolbox
+#   /system/bin/logcat
+#   /system/bin/dumpsys
+allow statsd devpts:chr_file { getattr ioctl read write };
+allow statsd shell_exec:file rx_file_perms;
+allow statsd system_file:file execute_no_trans;
+allow statsd toolbox_exec:file rx_file_perms;
+
+userdebug_or_eng(`
+  allow statsd su:fifo_file read;
+')
+
+# Create, read, and write into /data/misc/stats-data, /data/misc/stats-system.
+allow statsd stats_data_file:dir create_dir_perms;
+allow statsd stats_data_file:file create_file_perms;
+
+# Allow statsd to make binder calls to any binder service.
+binder_call(statsd, appdomain)
+binder_call(statsd, healthd)
+binder_call(statsd, incidentd)
+userdebug_or_eng(`
+  binder_call(statsd, perfprofd)
+')
+binder_call(statsd, system_server)
+
+# Allow logd access.
+read_logd(statsd)
+control_logd(statsd)
+
+# Grant statsd with permissions to register the services.
+allow statsd {
+  app_api_service
+  incident_service
+  userdebug_or_eng(`
+    perfprofd_service
+  ')
+  system_api_service
+}:service_manager find;
+
+# Grant statsd to access health hal to access battery metrics.
+allow statsd hal_health_hwservice:hwservice_manager find;
+
+# Allow statsd to send dump info to dumpstate
+allow statsd dumpstate:fd use;
+allow statsd dumpstate:fifo_file { getattr write };
+
+# Allow access to with hardware layer and process stats.
+allow statsd proc_uid_cputime_showstat:file { getattr open read };
+hal_client_domain(statsd, hal_health)
+hal_client_domain(statsd, hal_power)
+hal_client_domain(statsd, hal_thermal)
+
+# Allow 'adb shell cmd' to upload configs and download output.
+allow statsd adbd:fd use;
+allow statsd adbd:unix_stream_socket { getattr read write };
+allow statsd shell:fifo_file { getattr read };
+
+unix_socket_send(bootstat, statsdw, statsd)
+unix_socket_send(lmkd, statsdw, statsd)
+unix_socket_send(statsd, statsdw, statsd)
+unix_socket_send(system_server, statsdw, statsd)
+
+###
+### neverallow rules
+###
+
+# Only statsd and the other root services in limited circumstances.
+# can get to the files in /data/misc/stats-data, /data/misc/stats-service.
+# Other services are prohibitted from accessing the file.
+neverallow { domain -statsd -system_server -init -vold } stats_data_file:file *;
+
+# Limited access to the directory itself.
+neverallow { domain -statsd -system_server -init -vold } stats_data_file:dir *;
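Review bot: The exec rules near the top of the new file (`shell_exec:file rx_file_perms`, `system_file:file execute_no_trans`, `toolbox_exec:file rx_file_perms`) let statsd run a shell and any `system_file` binary without a domain transition. Those children keep everything else this file grants: `r_dir_file(statsd, domain)`, `control_logd`, and the binder and HAL client access. The move into public/ carries that over unchanged, so the comment should name the caller that still needs it, or the rules should give way to transitions into dedicated domains where those exist. The `service_manager find` block is commented as "permissions to register the services" but grants only `find`, and it now also covers `perfprofd_service` on userdebug/eng builds, which the removed private copy did not. `# Services statsd may look up.` would describe it correctly.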