commit c9ff8d010bfd3d4bf8bbc3ca204f92e8c398468d
author Hector Dearman <hjd@google.com> Mon Mar 27 16:04:42 2023 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Mar 27 16:04:42 2023 +0000
tree 916114246f3624901900eddaf61d0b4f5149ea2d
parent bd89baaecfea56b858b2b1850262446775e1360a
parent 7ca04a7e7fc0430cd4df6c8b3a446c4dcd0cc807

Merge "Allow traced_probes to subscribe to statsd atoms"

private/stats.te

diff --git a/private/stats.te b/private/stats.te
index 89b9488..5790faa 100644
--- a/private/stats.te
+++ b/private/stats.te
@@ -56,4 +56,5 @@
   -system_app
   -system_server
   -traceur_app
+  -traced_probes
 } stats_service:service_manager find;

private/traced_probes.te

diff --git a/private/traced_probes.te b/private/traced_probes.te
index 5cc271c..dfc4d07 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -100,8 +100,10 @@
 # On debug builds allow to ingest system logs into the trace.
 userdebug_or_eng(`read_logd(traced_probes)')
 
-# Allow traced_probes to talk to statsd for logging metrics.
+# Allow traced_probes to talk to statsd for logging metrics and recording atoms.
 unix_socket_send(traced_probes, statsdw, statsd)
+binder_call(traced_probes, statsd)
+allow traced_probes stats_service:service_manager find;
 
 ###
 ### Neverallow rules

public/statsd.te

diff --git a/public/statsd.te b/public/statsd.te
index e1c24c6..71597cc 100644
--- a/public/statsd.te
+++ b/public/statsd.te
@@ -34,6 +34,7 @@
 binder_call(statsd, appdomain)
 binder_call(statsd, incidentd)
 binder_call(statsd, system_server)
+binder_call(statsd, traced_probes)
 
 # Allow statsd to interact with gpuservice
 allow statsd gpu_service:service_manager find;