From e27af27f8a875eaf66f8aaace09ca25f6188b7b4 Mon Sep 17 00:00:00 2001
From: yro <yro@google.com>
Date: Wed, 20 Dec 2017 16:00:54 -0800
Subject: [PATCH] Update statsd sepolicies to avoid selinux violations during cts tests and pulling metrics
Bug: 63757906
Test: manual testing conducted
Change-Id: Ieba524ee676dfb4a457d39d025d203bf02a70831
---
 private/statsd.te | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/private/statsd.te b/private/statsd.te
index 6b7f8cdd7..fee1881c7 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -13,10 +13,15 @@ r_dir_file(statsd, domain)
 # /system/bin/toolbox
 # /system/bin/logcat
 # /system/bin/dumpsys
+allow statsd devpts:chr_file { getattr ioctl read write };
 allow statsd shell_exec:file rx_file_perms;
 allow statsd system_file:file execute_no_trans;
 allow statsd toolbox_exec:file rx_file_perms;
 
+userdebug_or_eng(`
+ allow statsd su:fifo_file read;
+')
+
 # Create, read, and write into /data/misc/stats-data, /data/misc/stats-system.
 allow statsd stats_data_file:dir create_dir_perms;
 allow statsd stats_data_file:file create_file_perms;
@@ -25,6 +30,7 @@ allow statsd stats_data_file:file create_file_perms;
 binder_call(statsd, appdomain)
 binder_call(statsd, incidentd)
 binder_call(statsd, statscompanion_service)
+binder_call(statsd, system_server)
 
 # Allow logd access.
 read_logd(statsd)
@@ -50,6 +56,10 @@ allow statsd stats:fifo_file write;
 # Allow statsd to call back to stats with status updates.
 binder_call(statsd, stats)
 
+# Allow access to with hardware layer and process stats.
+allow statsd proc_uid_cputime_showstat:file { getattr open read };
+hal_client_domain(statsd, hal_power)
+
 ###
 ### neverallow rules
 ###
--
GitLab
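Review bot: In the first hunk, `allow statsd devpts:chr_file { getattr ioctl read write };` is added under the comment block listing the binaries statsd executes, so nothing explains why a metrics daemon needs read/write/ioctl on pseudo-terminals. `devpts` is the generic pty type, so the rule covers any pty carrying that label, not only one statsd inherited from its caller. If the need is only to write output to the invoking shell's terminal during CTS (inferred from the commit subject, not shown in the hunk), say so with a comment such as `# Allow writing command output to the caller's pty when run from a shell.` and check whether `ioctl` and `read` can be dropped. The `su:fifo_file read` rule is properly confined to `userdebug_or_eng` but deserves the same one-line reason.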
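Review bot: In the last hunk, `hal_client_domain(statsd, hal_power)` makes statsd a full client of the power HAL, while the comment above it only mentions reading stats. SELinux cannot restrict individual HAL methods, so this also lets statsd reach any state-changing calls that interface exposes. That trade-off should be recorded next to the rule so a later audit does not read it as read-only. The comment itself is garbled ("access to with") and covers two unrelated grants. I would split it into `# Allow reading per-UID CPU time stats.` above the `proc_uid_cputime_showstat` rule and `# Allow pulling power stats from the power HAL (grants full client access).` above the macro.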