Merge "Allow statsd to read file descriptors from any app" into main

commit: bfcc43e84ec7880c9d198db6d2cd15573eba18f3 [log] [tgz]
author: Jeffrey Huang <jeffreyhuang@google.com> Wed Jun 12 21:14:37 2024 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Jun 12 21:14:37 2024 +0000
tree: 8a228a92ae8f250eb9e24e4425ede91d4c30076b
parent: 1327971c7c26fa387d54332b555f8bb0c2d89faf [diff]
parent: 288cbd7409e3bfa6f71f89efb10732448268d6f5 [diff]
diff --git a/private/statsd.te b/private/statsd.te
index 5820d23..b932bc6 100644
--- a/private/statsd.te
+++ b/private/statsd.te

@@ -19,8 +19,11 @@
 # Allow StatsCompanionService to pipe data to statsd.
 allow statsd system_server:fifo_file { read write getattr };
 
-# Allow Statsd to pipe data to privileged apps.
-allow statsd priv_app:fifo_file { read write getattr };
+# Allow any app to pipe data to statsd.
+# Access control to all statsd APIs inherit from system_api_service, so
+# appdomain permissions are granted to avoid listing each individual
+# service that can access system_api_service.
+allow statsd appdomain:fifo_file { read write getattr };
 
 # Allow statsd to retrieve SF statistics over binder
 binder_call(statsd, surfaceflinger);
commit	bfcc43e84ec7880c9d198db6d2cd15573eba18f3	[log] [tgz]
author	Jeffrey Huang <jeffreyhuang@google.com>	Wed Jun 12 21:14:37 2024 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Jun 12 21:14:37 2024 +0000
tree	8a228a92ae8f250eb9e24e4425ede91d4c30076b
parent	1327971c7c26fa387d54332b555f8bb0c2d89faf [diff]
parent	288cbd7409e3bfa6f71f89efb10732448268d6f5 [diff]