Merge "Track crash_dump selinux denial."
diff --git a/OWNERS b/OWNERS
index c15fa63..b346293 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,7 +1,7 @@
-nnk@google.com
-jeffv@google.com
-klyubin@google.com
dcashman@google.com
jbires@google.com
-sspatil@google.com
+jeffv@google.com
jgalenson@google.com
+nnk@google.com
+sspatil@google.com
+trong@google.com
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 4c77b79..0eafca6 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -32,3 +32,8 @@
# Collect metrics on boot time created by init
get_prop(dumpstate, boottime_prop)
+
+# Signal native processes to dump their stack.
+allow dumpstate {
+ statsd
+}:process signal;
diff --git a/private/statsd.te b/private/statsd.te
index 0203bcd..073c38b 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -89,7 +89,7 @@
# Only statsd and the other root services in limited circumstances.
# can get to the files in /data/misc/stats-data, /data/misc/stats-service.
# Other services are prohibitted from accessing the file.
-neverallow { domain -statsd -init -vold -vendor_init } stats_data_file:file *;
+neverallow { domain -statsd -init -vold } stats_data_file:file *;
# Limited access to the directory itself.
-neverallow { domain -statsd -init -vold -vendor_init } stats_data_file:dir *;
+neverallow { domain -statsd -init -vold } stats_data_file:dir *;
diff --git a/private/system_server.te b/private/system_server.te
index 642c8bd..f8f5e3e 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -239,6 +239,7 @@
mediaserver
mediametrics
sdcardd
+ statsd
surfaceflinger
# This list comes from HAL_INTERFACES_OF_INTEREST in