| Inseob Kim | ff43be2 | 2021-06-07 16:56:56 +0900 | [diff] [blame] | 1 | type statsd, domain, mlstrustedsubject; |
| 2 | |
| 3 | type statsd_exec, system_file_type, exec_type, file_type; |
| 4 | binder_use(statsd) |
| 5 | |
| 6 | # Allow statsd to scan through /proc/pid for all processes. |
| 7 | r_dir_file(statsd, domain) |
| 8 | |
| 9 | # Allow executing files on system, such as running a shell or running: |
| 10 | # /system/bin/toolbox |
| 11 | # /system/bin/logcat |
| 12 | # /system/bin/dumpsys |
| 13 | allow statsd devpts:chr_file { getattr ioctl read write }; |
| 14 | allow statsd shell_exec:file rx_file_perms; |
| 15 | allow statsd system_file:file execute_no_trans; |
| 16 | allow statsd toolbox_exec:file rx_file_perms; |
| 17 | |
| Inseob Kim | ff43be2 | 2021-06-07 16:56:56 +0900 | [diff] [blame] | 18 | # Allow statsd to interact with keystore to pull atoms |
| 19 | allow statsd keystore_service:service_manager find; |
| 20 | binder_call(statsd, keystore) |
| 21 | |
| Inseob Kim | ff43be2 | 2021-06-07 16:56:56 +0900 | [diff] [blame] | 22 | # Allow logd access. |
| 23 | read_logd(statsd) |
| 24 | control_logd(statsd) |
| 25 | |
| Inseob Kim | ff43be2 | 2021-06-07 16:56:56 +0900 | [diff] [blame] | 26 | # Allow 'adb shell cmd' to upload configs and download output. |
| 27 | allow statsd adbd:fd use; |
| 28 | allow statsd adbd:unix_stream_socket { getattr read write }; |
| 29 | allow statsd shell:fifo_file { getattr read write }; |
| 30 | |
| 31 | unix_socket_send(statsd, statsdw, statsd) |