Merge "Incidentd gets statsd incident section"
diff --git a/private/incidentd.te b/private/incidentd.te
index 7ad3a30..658db07 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -45,6 +45,10 @@
userdebug_or_eng(`allow incidentd pstorefs:dir search');
userdebug_or_eng(`allow incidentd pstorefs:file r_file_perms');
+# section id 3023, allow obtaining stats report
+allow incidentd stats_service:service_manager find;
+binder_call(incidentd, statsd)
+
# Create and write into /data/misc/incidents
allow incidentd incident_data_file:dir rw_dir_perms;
allow incidentd incident_data_file:file create_file_perms;
diff --git a/private/stats.te b/private/stats.te
index 818d9f9..2c7199d 100644
--- a/private/stats.te
+++ b/private/stats.te
@@ -37,10 +37,10 @@
### neverallow rules
###
-# Only system_server, system_app, traceur_app, and stats command can find the stats service.
neverallow {
domain
-dumpstate
+ -incidentd
-priv_app
-shell
-stats
diff --git a/private/statsd.te b/private/statsd.te
index 1e4c5b3..16d3aeb 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -14,3 +14,6 @@
allow statsd {
statscompanion_service
}:service_manager find;
+
+# Allow incidentd to obtain the statsd incident section.
+allow statsd incidentd:fifo_file write;