rename mediaanalytics->mediametrics, wider access

reflect the change from "mediaanalytics" to "mediametrics" Also incorporates a broader access to the service -- e.g. anyone. This reflects that a number of metrics submissions come from application space and not only from our controlled, trusted media related processes. The metrics service (in another commit) checks on the source of any incoming metrics data and limits what is allowed from unprivileged clients. Bug: 34615027 Test: clean build, service running and accessible Change-Id: I657c343ea1faed536c3ee1940f1e7a178e813a42

rename mediaanalytics->mediametrics, wider access
39185400 · Ray Essick · 95595507 · 39185400 · 39185400 · 39185400
Commit 39185400 authored 8 years ago by Ray Essick
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -183,7 +183,7 @@
 /system/bin/audioserver	u:object_r:audioserver_exec:s0
 /system/bin/mediadrmserver	u:object_r:mediadrmserver_exec:s0
 /system/bin/mediaserver	u:object_r:mediaserver_exec:s0
-/system/bin/mediaanalytics	u:object_r:mediaanalytics_exec:s0
+/system/bin/mediametrics	u:object_r:mediametrics_exec:s0
 /system/bin/cameraserver	u:object_r:cameraserver_exec:s0
 /system/bin/mediaextractor	u:object_r:mediaextractor_exec:s0
 /system/bin/mediacodec	u:object_r:mediacodec_exec:s0

--- a/private/mediaanalytics.te
+++ b/private/mediaanalytics.te
 # type_transition must be private policy the domain_trans rules could stay
 # public, but conceptually should go with this
-init_daemon_domain(mediaanalytics)
+init_daemon_domain(mediametrics)
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -41,6 +41,7 @@ allow platform_app audioserver_service:service_manager find;
 allow platform_app cameraserver_service:service_manager find;
 allow platform_app drmserver_service:service_manager find;
 allow platform_app mediaserver_service:service_manager find;
+allow platform_app mediametrics_service:service_manager find;
 allow platform_app mediaextractor_service:service_manager find;
 allow platform_app mediacodec_service:service_manager find;
 allow platform_app mediadrmserver_service:service_manager find;

--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -24,6 +24,7 @@ allow priv_app audioserver_service:service_manager find;
 allow priv_app cameraserver_service:service_manager find;
 allow priv_app drmserver_service:service_manager find;
 allow priv_app mediacodec_service:service_manager find;
+allow priv_app mediametrics_service:service_manager find;
 allow priv_app mediadrmserver_service:service_manager find;
 allow priv_app mediaextractor_service:service_manager find;
 allow priv_app mediaserver_service:service_manager find;

--- a/private/service_contexts
+++ b/private/service_contexts
@@ -78,7 +78,7 @@ media.camera                              u:object_r:cameraserver_service:s0
 media.camera.proxy                        u:object_r:cameraproxy_service:s0
 media.log                                 u:object_r:audioserver_service:s0
 media.player                              u:object_r:mediaserver_service:s0
-media.analytics                           u:object_r:mediaanalytics_service:s0
+media.metrics                             u:object_r:mediametrics_service:s0
 media.extractor                           u:object_r:mediaextractor_service:s0
 media.codec                               u:object_r:mediacodec_service:s0
 media.resource_manager                    u:object_r:mediaserver_service:s0

--- a/private/untrusted_app.te
+++ b/private/untrusted_app.te
@@ -72,6 +72,7 @@ allow untrusted_app drmserver_service:service_manager find;
 allow untrusted_app mediaserver_service:service_manager find;
 allow untrusted_app mediaextractor_service:service_manager find;
 allow untrusted_app mediacodec_service:service_manager find;
+allow untrusted_app mediametrics_service:service_manager find;
 allow untrusted_app mediadrmserver_service:service_manager find;
 allow untrusted_app nfc_service:service_manager find;
 allow untrusted_app radio_service:service_manager find;

--- a/public/mediaanalytics.te
+++ b/public/mediaanalytics.te
-# mediaanalytics - daemon for collecting media analytics data
-type mediaanalytics, domain;
-type mediaanalytics_exec, exec_type, file_type;
-binder_use(mediaanalytics)
-binder_call(mediaanalytics, binderservicedomain)
-binder_service(mediaanalytics)
-allow mediaanalytics mediaanalytics_service:service_manager add;
-allow mediaanalytics system_server:fd use;
-r_dir_file(mediaanalytics, cgroup)
-allow mediaanalytics proc_meminfo:file r_file_perms;
-###
-### neverallow rules
-###
-# mediaanalytics should never execute any executable without a
-# domain transition
-neverallow mediaanalytics { file_type fs_type }:file execute_no_trans;
-# mediaanalytics should never need network access. Disallow network sockets.
-neverallow mediaanalytics domain:{ tcp_socket udp_socket rawip_socket } *;
--- a/public/mediacodec.te
+++ b/public/mediacodec.te
@@ -10,7 +10,7 @@ binder_call(mediacodec, appdomain)
 binder_service(mediacodec)
 allow mediacodec mediacodec_service:service_manager add;
-allow mediacodec mediaanalytics_service:service_manager find;
+allow mediacodec mediametrics_service:service_manager find;
 allow mediacodec surfaceflinger_service:service_manager find;
 allow mediacodec gpu_device:chr_file rw_file_perms;
 allow mediacodec video_device:chr_file rw_file_perms;

--- a/public/mediadrmserver.te
+++ b/public/mediadrmserver.te
@@ -47,7 +47,7 @@ allow mediadrmserver tee:unix_stream_socket connectto;
 allow mediadrmserver mediadrmserver_service:service_manager { add find };
 allow mediadrmserver mediaserver_service:service_manager { add find };
-allow mediadrmserver mediaanalytics_service:service_manager find;
+allow mediadrmserver mediametrics_service:service_manager find;
 allow mediadrmserver processinfo_service:service_manager find;
 allow mediadrmserver surfaceflinger_service:service_manager find;

--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -10,7 +10,7 @@ binder_call(mediaextractor, appdomain)
 binder_service(mediaextractor)
 allow mediaextractor mediaextractor_service:service_manager add;
-allow mediaextractor mediaanalytics_service:service_manager find;
+allow mediaextractor mediametrics_service:service_manager find;
 allow mediaextractor system_server:fd use;

--- a/public/mediametrics.te
+++ b/public/mediametrics.te
+# mediametrics - daemon for collecting media.metrics data
+type mediametrics, domain;
+type mediametrics_exec, exec_type, file_type;
+binder_use(mediametrics)
+binder_call(mediametrics, binderservicedomain)
+binder_service(mediametrics)
+allow mediametrics mediametrics_service:service_manager add;
+allow mediametrics system_server:fd use;
+r_dir_file(mediametrics, cgroup)
+allow mediametrics proc_meminfo:file r_file_perms;
+###
+### neverallow rules
+###
+# mediametrics should never execute any executable without a
+# domain transition
+neverallow mediametrics { file_type fs_type }:file execute_no_trans;
+# mediametrics should never need network access. Disallow network sockets.
+neverallow mediametrics domain:{ tcp_socket udp_socket rawip_socket } *;
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -87,7 +87,7 @@ allow mediaserver drmserver_service:service_manager find;
 allow mediaserver mediaextractor_service:service_manager find;
 allow mediaserver mediacodec_service:service_manager find;
 allow mediaserver mediaserver_service:service_manager { add find };
-allow mediaserver mediaanalytics_service:service_manager find;
+allow mediaserver mediametrics_service:service_manager find;
 allow mediaserver media_session_service:service_manager find;
 allow mediaserver permission_service:service_manager find;
 allow mediaserver power_service:service_manager find;

--- a/public/nfc.te
+++ b/public/nfc.te
@@ -21,6 +21,7 @@ allow nfc nfc_data_file:notdevfile_class_set create_file_perms;
 allow nfc audioserver_service:service_manager find;
 allow nfc drmserver_service:service_manager find;
 allow nfc mediacodec_service:service_manager find;
+allow nfc mediametrics_service:service_manager find;
 allow nfc mediaextractor_service:service_manager find;
 allow nfc mediaserver_service:service_manager find;

--- a/public/service.te
+++ b/public/service.te
@@ -13,7 +13,7 @@ type inputflinger_service,      service_manager_type;
 type installd_service,          service_manager_type;
 type keystore_service,          service_manager_type;
 type mediaserver_service,       service_manager_type;
-type mediaanalytics_service,    service_manager_type;
+type mediametrics_service,      service_manager_type;
 type mediaextractor_service,    service_manager_type;
 type mediacodec_service,        service_manager_type;
 type mediadrmserver_service,    service_manager_type;

--- a/public/system_server.te
+++ b/public/system_server.te
@@ -199,7 +199,7 @@ allow system_server {
  mediadrmserver
  mediaextractor
  mediaserver
-  mediaanalytics
+  mediametrics
  sdcardd
  surfaceflinger
 }:process { signal };
@@ -492,7 +492,7 @@ allow system_server gatekeeper_service:service_manager find;
 allow system_server installd_service:service_manager find;
 allow system_server keystore_service:service_manager find;
 allow system_server mediaserver_service:service_manager find;
-allow system_server mediaanalytics_service:service_manager find;
+allow system_server mediametrics_service:service_manager find;
 allow system_server mediaextractor_service:service_manager find;
 allow system_server mediacodec_service:service_manager find;
 allow system_server mediadrmserver_service:service_manager find;