Incidentd gets statsd incident section
There is now an incident section for statsd output data. These selinux
changes must be made for incident to call dump on statsd to get the
data.
Bug: 115678461
Test: adb shell incident -b 3023
and confirm that a valid statsd section is obtained
Change-Id: I761389c160ab3ab6c24556813a1a31088c0f5137
diff --git a/private/incidentd.te b/private/incidentd.te
index 7ad3a30..658db07 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -45,6 +45,10 @@
userdebug_or_eng(`allow incidentd pstorefs:dir search');
userdebug_or_eng(`allow incidentd pstorefs:file r_file_perms');
+# section id 3023, allow obtaining stats report
+allow incidentd stats_service:service_manager find;
+binder_call(incidentd, statsd)
+
# Create and write into /data/misc/incidents
allow incidentd incident_data_file:dir rw_dir_perms;
allow incidentd incident_data_file:file create_file_perms;
diff --git a/private/stats.te b/private/stats.te
index 818d9f9..2c7199d 100644
--- a/private/stats.te
+++ b/private/stats.te
@@ -37,10 +37,10 @@
### neverallow rules
###
-# Only system_server, system_app, traceur_app, and stats command can find the stats service.
neverallow {
domain
-dumpstate
+ -incidentd
-priv_app
-shell
-stats
diff --git a/private/statsd.te b/private/statsd.te
index 1e4c5b3..16d3aeb 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -14,3 +14,6 @@
allow statsd {
statscompanion_service
}:service_manager find;
+
+# Allow incidentd to obtain the statsd incident section.
+allow statsd incidentd:fifo_file write;