| Yu-Ting Tseng | 3e8e8ea | 2023-09-25 18:42:03 +0000 | [diff] [blame] | 1 | type uprobestats, domain, coredomain; |
| 2 | |
| 3 | typeattribute uprobestats bpfdomain; |
| 4 | |
| 5 | type uprobestats_exec, system_file_type, exec_type, file_type; |
| 6 | |
| Yu-Ting Tseng | 43cae4e | 2023-12-15 00:48:23 +0000 | [diff] [blame] | 7 | # Allow init to start uprobestats. |
| 8 | init_daemon_domain(uprobestats) |
| Yu-Ting Tseng | 3e8e8ea | 2023-09-25 18:42:03 +0000 | [diff] [blame] | 9 | |
| Yu-Ting Tseng | baea641 | 2024-01-16 14:02:59 -0800 | [diff] [blame] | 10 | allow uprobestats fs_bpf_uprobestats:file { read write }; |
| 11 | allow uprobestats fs_bpf_uprobestats:dir search; |
| Yu-Ting Tseng | 3e8e8ea | 2023-09-25 18:42:03 +0000 | [diff] [blame] | 12 | allow uprobestats bpfloader:bpf { map_read map_write prog_run }; |
| 13 | allow uprobestats self:capability2 perfmon; |
| 14 | allow uprobestats self:perf_event { cpu open write }; |
| 15 | allow uprobestats sysfs_uprobe:file { open read }; |
| 16 | allow uprobestats sysfs_uprobe:dir { search }; |
| Yu-Ting Tseng | 43cae4e | 2023-12-15 00:48:23 +0000 | [diff] [blame] | 17 | |
| Yu-Ting Tseng | 01ad963 | 2025-03-03 10:43:16 -0800 | [diff] [blame] | 18 | allow uprobestats { apex_art_data_file apex_module_data_file }:dir r_dir_perms; |
| 19 | allow uprobestats { apex_art_data_file apex_module_data_file }:file r_file_perms; |
| 20 | allow uprobestats packages_list_file:file r_file_perms; |
| 21 | |
| Yu-Ting Tseng | 43cae4e | 2023-12-15 00:48:23 +0000 | [diff] [blame] | 22 | # Allow uprobestats to popen oatdump. |
| Yu-Ting Tseng | 46e4049 | 2024-07-09 19:03:39 -0700 | [diff] [blame] | 23 | allow uprobestats system_file:file rx_file_perms; |
| Yu-Ting Tseng | 43cae4e | 2023-12-15 00:48:23 +0000 | [diff] [blame] | 24 | |
| 25 | # Allow uprobestats to write atoms to statsd |
| 26 | unix_socket_send(uprobestats, statsdw, statsd) |
| 27 | |
| 28 | # For registration with system server as a process observer. |
| 29 | binder_use(uprobestats) |
| 30 | allow uprobestats activity_service:service_manager find; |
| Matt Gilbride | 24addd3 | 2024-12-17 00:30:46 +0000 | [diff] [blame] | 31 | allow uprobestats dynamic_instrumentation_service:service_manager find; |
| Yu-Ting Tseng | 43cae4e | 2023-12-15 00:48:23 +0000 | [diff] [blame] | 32 | binder_call(uprobestats, system_server); |
| 33 | |
| 34 | # Allow uprobestats to talk to native package manager |
| 35 | allow uprobestats package_native_service:service_manager find; |
| 36 | |
| 37 | # Allow uprobestats to scan /proc/<pid>/cmdline. |
| 38 | r_dir_file(uprobestats, { domain -appdomain }) |
| 39 | |
| 40 | # Allow uprobestats to manage its own config files. |
| 41 | allow uprobestats uprobestats_configs_data_file:dir rw_dir_perms; |
| 42 | allow uprobestats uprobestats_configs_data_file:file { r_file_perms unlink }; |