Update statsd sepolicies to avoid selinux violations during cts tests and pulling metrics

am: e27af27f Change-Id: I40b4e204ec7d58c7d6971cf7e5e502e10011737a

Update statsd sepolicies to avoid selinux violations during cts tests and pulling metrics
955e543a · yro · android-build-merger · 3ed0362a · e27af27f · 955e543a
Commit 955e543a authored 7 years ago by yro Committed by android-build-merger 7 years ago
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -13,10 +13,15 @@ r_dir_file(statsd, domain)
 #   /system/bin/toolbox
 #   /system/bin/logcat
 #   /system/bin/dumpsys
+allow statsd devpts:chr_file { getattr ioctl read write };
 allow statsd shell_exec:file rx_file_perms;
 allow statsd system_file:file execute_no_trans;
 allow statsd toolbox_exec:file rx_file_perms;
+userdebug_or_eng(`
+  allow statsd su:fifo_file read;
+')
 # Create, read, and write into /data/misc/stats-data, /data/misc/stats-system.
 allow statsd stats_data_file:dir create_dir_perms;
 allow statsd stats_data_file:file create_file_perms;
@@ -25,6 +30,7 @@ allow statsd stats_data_file:file create_file_perms;
 binder_call(statsd, appdomain)
 binder_call(statsd, incidentd)
 binder_call(statsd, statscompanion_service)
+binder_call(statsd, system_server)
 # Allow logd access.
 read_logd(statsd)
@@ -50,6 +56,10 @@ allow statsd stats:fifo_file write;
 # Allow statsd to call back to stats with status updates.
 binder_call(statsd, stats)
+# Allow access to with hardware layer and process stats.
+allow statsd proc_uid_cputime_showstat:file { getattr open read };
+hal_client_domain(statsd, hal_power)
 ###
 ### neverallow rules
 ###