Statsd: Allow statsd to contact perfprofd in userdebug
Give statsd rights to connect to perfprofd in userdebug.
Test: mmma system/extras/perfprofd
Change-Id: Idea0a6b757d1b16ec2e6c8719e24900f1e5518fd
diff --git a/private/perfprofd.te b/private/perfprofd.te
index 9c249fd..4da5410 100644
--- a/private/perfprofd.te
+++ b/private/perfprofd.te
@@ -2,3 +2,7 @@
typeattribute perfprofd coredomain;
init_daemon_domain(perfprofd)
')
+
+# Only servicemanager, statsd, su and systemserver can communicate.
+neverallow { domain userdebug_or_eng(`-statsd') } perfprofd:binder call;
+neverallow perfprofd { domain userdebug_or_eng(`-servicemanager -statsd -su -system_server') }:binder call;
diff --git a/private/statsd.te b/private/statsd.te
index c63cba9..dfec7a4 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -30,6 +30,9 @@
binder_call(statsd, appdomain)
binder_call(statsd, healthd)
binder_call(statsd, incidentd)
+userdebug_or_eng(`
+ binder_call(statsd, perfprofd)
+')
binder_call(statsd, statscompanion_service)
binder_call(statsd, system_server)
diff --git a/public/perfprofd.te b/public/perfprofd.te
index d4062aa..494e75b 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -113,9 +113,5 @@
# Allow perfprofd to submit to dropbox.
allow perfprofd dropbox_service:service_manager find;
- allow perfprofd system_server:binder call;
-
- # Only servicemanager, su and systemserver can communicate.
- neverallow domain perfprofd:binder call;
- neverallow perfprofd { domain -servicemanager -su -system_server }:binder call;
+ binder_call(perfprofd, system_server)
')