# SELinux policy for the uprobestats daemon.
#
# Review summary of what this domain holds: CAP_PERFMON plus perf_event
# access, use of BPF maps/programs owned by bpfloader, read access to the
# /proc entries of every non-app domain, and binder access to system_server.
# Treat any widening of these rules as a privilege change that needs review.

# Process domain. The bpfdomain attribute marks it as a domain that is
# expected to touch BPF objects (the attribute and any neverallow rules
# keyed on it are defined elsewhere in the policy).
type uprobestats, domain, coredomain;
typeattribute uprobestats bpfdomain;

# Label carried by the uprobestats executable.
type uprobestats_exec, system_file_type, exec_type, file_type;

# Allow init to start uprobestats.
init_daemon_domain(uprobestats)

# Pinned BPF objects: lookup plus read/write only. No create or unlink is
# granted on the pin directory, and map_create/prog_load are not granted on
# the bpf class, so this domain can only use objects that bpfloader set up.
allow uprobestats fs_bpf_uprobe_private:dir search;
allow uprobestats fs_bpf_uprobe_private:file { read write };
allow uprobestats bpfloader:bpf { map_read map_write prog_run };

# perf_event access backed by CAP_PERFMON. Only cpu/open/write are granted;
# the kernel, tracepoint and read permissions of the class are not.
allow uprobestats self:capability2 perfmon;
allow uprobestats self:perf_event { cpu open write };

# Read-only access to the uprobe sysfs entries.
allow uprobestats sysfs_uprobe:dir search;
allow uprobestats sysfs_uprobe:file { open read };

# Allow uprobestats to popen oatdump.
# NOTE(review): rx_file_perms includes execute_no_trans and no domain
# transition is declared in this file, so oatdump runs inside the
# uprobestats domain with every permission listed here. Confirm that is
# intended, or give oatdump its own domain.
allow uprobestats oatdump_exec:file rx_file_perms;

# Allow uprobestats to write atoms to statsd.
unix_socket_send(uprobestats, statsdw, statsd)

# For registration with system server as a process observer.
binder_use(uprobestats)
allow uprobestats activity_service:service_manager find;
binder_call(uprobestats, system_server)

# Allow uprobestats to talk to native package manager.
allow uprobestats package_native_service:service_manager find;

# Allow uprobestats to scan /proc/<pid>/cmdline.
# NOTE(review): r_dir_file is broader than the stated purpose. It grants
# read on directories, files and symlinks labelled with any non-app domain,
# i.e. all of /proc/<pid>/ for those processes, not only cmdline. App
# domains are excluded by "-appdomain".
r_dir_file(uprobestats, { domain -appdomain })

# Config files: uprobestats may list the directory, read files and delete
# them. Creating or writing config files is not granted here, so the
# contents are produced by another domain (not visible in this file) and
# should be treated as input to validate.
allow uprobestats uprobestats_configs_data_file:dir rw_dir_perms;
allow uprobestats uprobestats_configs_data_file:file { r_file_perms unlink };