From b10ff337bf3b194d321a998cdaa94b4bae075370 Mon Sep 17 00:00:00 2001
From: Yao Chen <yaochen@google.com>
Date: Wed, 17 Jan 2018 16:17:28 -0800
Subject: [PATCH] Allow dumpstate to call statsd. This is needed for bugreport.

SELinux denials logged when bugreport calls dump() on statsd:

avc: denied { call } for scontext=u:r:dumpstate:s0 tcontext=u:r:statsd:s0 tclass=binder permissive=1
denied { use } for path="pipe:[411602]" dev="pipefs" ino=411602 scontext=u:r:statsd:s0 tcontext=u:r:dumpstate:s0 tclass=fd permissive=1
avc: denied { write } for path="pipe:[411602]" dev="pipefs" ino=411602 scontext=u:r:statsd:s0 tcontext=u:r:dumpstate:s0 tclass=fifo_file permissive=1
avc: denied { getattr } for path="pipe:[411602]" dev="pipefs" ino=411602 scontext=u:r:statsd:s0 tcontext=u:r:dumpstate:s0 tclass=fifo_file permissive=1

Test: manual
Change-Id: I46c5b119548378cc80c6e4498d00edad5959d188
---
 private/dumpstate.te | 3 +++
 private/statsd.te    | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/private/dumpstate.te b/private/dumpstate.te
index 24a57de96..4c77b7938 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -27,5 +27,8 @@ userdebug_or_eng(`
 # Allow dumpstate to make binder calls to storaged service
 binder_call(dumpstate, storaged)
 
+# Allow dumpstate to make binder calls to statsd
+binder_call(dumpstate, statsd)
+
 # Collect metrics on boot time created by init
 get_prop(dumpstate, boottime_prop)
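Review bot: `binder_call(dumpstate, statsd)` lets dumpstate reach the whole statsd binder interface, not only dump(), because the SELinux binder class checks the caller and target domains and not the method being invoked. The rule is the usual idiom and matches the `{ call }` denial quoted in the commit message, but statsd's other binder methods then depend on their own caller checks, which this patch does not show and which should be confirmed. I would also have the comment state the reason, e.g. `# Allow dumpstate to call dump() on statsd when collecting a bugreport`. The `@@` context names `userdebug_or_eng(` and the hunk does not show whether that block is already closed, so confirm the rule lands at the intended build scope.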
diff --git a/private/statsd.te b/private/statsd.te
index fee1881c7..b04a7da38 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -53,6 +53,10 @@ add_service(statsd, stats_service)
 allow statsd stats:fd use;
 allow statsd stats:fifo_file write;
 
+# Allow statsd to send dump info to dumpstate
+allow statsd dumpstate:fd use;
+allow statsd dumpstate:fifo_file { getattr write };
+
 # Allow statsd to call back to stats with status updates.
 binder_call(statsd, stats)
 
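Review bot: The comment above the two new allow rules does not say that the fd is a pipe owned by dumpstate and handed to statsd for the dump, which is what the denials in the commit message show (`path="pipe:[411602]"` with tcontext dumpstate); I would write `# Allow statsd to write dump() output to the pipe passed in by dumpstate (bugreport)`. The grant itself is tight: `use` on the fd and `{ getattr write }` on the fifo match the logged denials one for one and give statsd no read access to dumpstate's pipes. The denials were captured with permissive=1 and the test is listed only as manual, so it is worth confirming on an enforcing build that a bugreport completes with the statsd section present and no further avc lines between these two domains.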
-- 
GitLab