Sepolicy: Fix perfprofd permissions Let statsd find the service. The system server wants to read file attributes for the perfprofd dropbox file. Bug: 73175642 Test: m Test: manual Change-Id: I0c0b1dac057af90fff440286226093ec15b5e247

commit: 835881aaa41622416aae220fd5f6bf827bd96fd3 [log] [tgz]
author: Andreas Gampe <agampe@google.com> Thu May 10 15:07:09 2018 -0700
committer: Andreas Gampe <agampe@google.com> Thu May 10 15:07:09 2018 -0700
tree: 4c3aeed624db70059c0e7b8f92a886a025d79c0c
parent: 11bfc05cedef984b748a49eea8dfdda2e3eeadbf [diff]
diff --git a/private/statsd.te b/private/statsd.te
index 74b89c2..834fb8b 100644
--- a/private/statsd.te
+++ b/private/statsd.te

@@ -50,6 +50,9 @@
 allow statsd {
   app_api_service
   incident_service
+  userdebug_or_eng(`
+    perfprofd_service
+  ')
   statscompanion_service
   system_api_service
 }:service_manager find;

diff --git a/private/system_server.te b/private/system_server.te
index 60d3718..aab37fc 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -389,7 +389,7 @@
 
 # Allow dropbox to read /data/misc/perfprofd. Only the fd is sent over binder.
 userdebug_or_eng(`
-  allow system_server perfprofd_data_file:file read;
+  allow system_server perfprofd_data_file:file { getattr read };
   allow system_server perfprofd:fd use;
 ')
commit	835881aaa41622416aae220fd5f6bf827bd96fd3	[log] [tgz]
author	Andreas Gampe <agampe@google.com>	Thu May 10 15:07:09 2018 -0700
committer	Andreas Gampe <agampe@google.com>	Thu May 10 15:07:09 2018 -0700
tree	4c3aeed624db70059c0e7b8f92a886a025d79c0c
parent	11bfc05cedef984b748a49eea8dfdda2e3eeadbf [diff]