private/statsd.te

type statsd, domain;
typeattribute statsd coredomain;

init_daemon_domain(statsd)

type statsd_exec, exec_type, file_type;
binder_use(statsd)

# Allow statsd to scan through /proc/pid for all processes.
r_dir_file(statsd, domain)

# Allow executing files on system, such as running a shell or running:
#   /system/bin/toolbox
#   /system/bin/logcat
#   /system/bin/dumpsys
allow statsd shell_exec:file rx_file_perms;
allow statsd system_file:file execute_no_trans;
allow statsd toolbox_exec:file rx_file_perms;

# Create, read, and write into /data/misc/stats-data, /data/misc/stats-system.
allow statsd stats_data_file:dir create_dir_perms;
allow statsd stats_data_file:file create_file_perms;

# Allow statsd to make binder calls to any binder service.
binder_call(statsd, appdomain)
binder_call(statsd, incidentd)
binder_call(statsd, statscompanion_service)

# Allow logd access.
read_logd(statsd)
control_logd(statsd)

# Grant statsd with permissions to register the services.
allow statsd {
  statscompanion_service
  app_api_service
  system_api_service
}:service_manager find;

# Only statsd can publish the binder service.
add_service(statsd, stats_service)

# Allow pipes from (and only from) stats.
allow statsd stats:fd use;
allow statsd stats:fifo_file write;

# Allow statsd to call back to stats with status updates.
binder_call(statsd, stats)

###
### neverallow rules
###

# Only system_server, system_app, and stats command can find the stats service.
neverallow {
  domain
  -dumpstate
  -shell
  -stats
  -statsd
  -system_app
  -system_server
} stats_service:service_manager find;

# Only statsd and the other root services in limited circumstances.
# can get to the files in /data/misc/stats-data, /data/misc/stats-service.
# Other services are prohibitted from accessing the file.
neverallow { domain -statsd -init -vold -vendor_init } stats_data_file:file *;

# Limited access to the directory itself.
neverallow { domain -statsd -init -vold -vendor_init } stats_data_file:dir *;