From 93c16bda168d76448be52f89f9a7e2e6ea260203 Mon Sep 17 00:00:00 2001
From: yro <yro@google.com>
Date: Thu, 19 Apr 2018 21:54:29 -0700
Subject: [PATCH] Setting up sepolicies for statsd planB of listening to its
 own socket

Test: manual
Bug: 78318738

Change-Id: Ifa1cbbfdbb5acb713dfeb1d4bf98d1e116e5a89b
---
 private/compat/26.0/26.0.ignore.cil | 2 ++
 private/compat/27.0/27.0.ignore.cil | 2 ++
 private/file.te                     | 2 ++
 private/file_contexts               | 1 +
 private/statsd.te                   | 8 +++++++-
 5 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index ae0a94d62..d45596ab9 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -88,6 +88,8 @@
     statsd
     statsd_exec
     statsd_tmpfs
+    statsdw
+    statsdw_socket
     statscompanion_service
     storaged_data_file
     sysfs_fs_ext4_features
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 79640463d..aa322418f 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -76,6 +76,8 @@
     statsd
     statsd_exec
     statsd_tmpfs
+    statsdw
+    statsdw_socket
     storaged_data_file
     system_boot_reason_prop
     system_update_service
diff --git a/private/file.te b/private/file.te
index fda972b48..58ee0def8 100644
--- a/private/file.te
+++ b/private/file.te
@@ -4,6 +4,8 @@ type config_gz, fs_type, proc_type;
 # /data/misc/stats-data, /data/misc/stats-service
 type stats_data_file, file_type, data_file_type, core_data_file_type;
 
+type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
+
 # /data/misc/storaged
 type storaged_data_file, file_type, data_file_type, core_data_file_type;
 
diff --git a/private/file_contexts b/private/file_contexts
index c2a8c74e1..71bff7365 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -132,6 +132,7 @@
 /dev/socket/logd	u:object_r:logd_socket:s0
 /dev/socket/logdr	u:object_r:logdr_socket:s0
 /dev/socket/logdw	u:object_r:logdw_socket:s0
+/dev/socket/statsdw	u:object_r:statsdw_socket:s0
 /dev/socket/mdns	u:object_r:mdns_socket:s0
 /dev/socket/mdnsd	u:object_r:mdnsd_socket:s0
 /dev/socket/mtpd	u:object_r:mtpd_socket:s0
diff --git a/private/statsd.te b/private/statsd.te
index 06d6e01e6..7305464ba 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -1,4 +1,4 @@
-type statsd, domain;
+type statsd, domain, mlstrustedsubject;
 typeattribute statsd coredomain;
 
 init_daemon_domain(statsd)
@@ -82,6 +82,12 @@ allow statsd adbd:fd use;
 allow statsd adbd:unix_stream_socket { getattr read write };
 allow statsd shell:fifo_file { getattr read };
 
+unix_socket_send(bluetooth, statsdw, statsd)
+unix_socket_send(bootstat, statsdw, statsd)
+unix_socket_send(platform_app, statsdw, statsd)
+unix_socket_send(statsd, statsdw, statsd)
+unix_socket_send(system_server, statsdw, statsd)
+
 ###
 ### neverallow rules
 ###
-- 
GitLab