From cf38ca5ed05e728cdcb5bce0f3c4a67e72005045 Mon Sep 17 00:00:00 2001
From: yro <yro@google.com>
Date: Mon, 22 Jan 2018 13:56:41 -0800
Subject: [PATCH] Update sepolicy of statsd to be able to find incident_service

Test: manual testing
Change-Id: Ia97c956c08d2062af6b33622c6b61ca3810b0cb1
---
 private/incidentd.te | 9 ++++++++-
 private/statsd.te    | 3 ++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/private/incidentd.te b/private/incidentd.te
index b88526347..a887a6177 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -99,7 +99,14 @@ binder_call(incidentd, incident)
 ###
 
 # only system_server, system_app and incident command can find the incident service
-neverallow { domain -system_server -system_app -incident -incidentd } incident_service:service_manager find;
+neverallow {
+  domain
+  -incident
+  -incidentd
+  -statsd
+  -system_app
+  -system_server
+} incident_service:service_manager find;
 
 # only incidentd and the other root services in limited circumstances
 # can get to the files in /data/misc/incidents
diff --git a/private/statsd.te b/private/statsd.te
index b04a7da38..dad3c6cc5 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -41,8 +41,9 @@ unix_socket_connect(statsd, traced_consumer, traced)
 
 # Grant statsd with permissions to register the services.
 allow statsd {
-  statscompanion_service
   app_api_service
+  incident_service
+  statscompanion_service
   system_api_service
 }:service_manager find;
 
-- 
GitLab