# SELinux type-enforcement rules for the statsd daemon domain.
# NOTE(review): mlstrustedsubject is a privileged attribute (it relaxes MLS
# constraints for this domain in AOSP policy) - confirm it is still required.
type statsd, domain, mlstrustedsubject;
typeattribute statsd coredomain;

init_daemon_domain(statsd)

type statsd_exec, exec_type, file_type;
binder_use(statsd)

# Allow statsd to scan through /proc/pid for all processes.
# NOTE(review): the target is the whole domain attribute, so this covers the
# proc entries of every process on the device, not a selected set.
r_dir_file(statsd, domain)

# Allow executing files on system, such as running a shell or running:
#   /system/bin/toolbox
#   /system/bin/logcat
#   /system/bin/dumpsys
# execute_no_trans means the executed system_file binary stays in the statsd
# domain, so it runs with every permission granted to statsd in this file.
# NOTE(review): check whether narrower exec types would be enough here.
allow statsd devpts:chr_file { getattr ioctl read write };
allow statsd shell_exec:file rx_file_perms;
allow statsd system_file:file execute_no_trans;
allow statsd toolbox_exec:file rx_file_perms;

# Debug builds only (userdebug or eng): read from a pipe owned by su.
userdebug_or_eng(`
  allow statsd su:fifo_file read;
')

# Create, read, and write into /data/misc/stats-data, /data/misc/stats-system.
# NOTE(review): the neverallow comment near the end of this file names the
# second directory /data/misc/stats-service - confirm which path is correct.
allow statsd stats_data_file:dir create_dir_perms;
allow statsd stats_data_file:file create_file_perms;

# Allow statsd to make binder calls to the domains listed below (all app
# domains, healthd, incidentd, statscompanion_service, system_server, and
# perfprofd on userdebug or eng builds). This is an explicit list, not every
# binder service.
binder_call(statsd, appdomain)
binder_call(statsd, healthd)
binder_call(statsd, incidentd)
userdebug_or_eng(`
  binder_call(statsd, perfprofd)
')
binder_call(statsd, statscompanion_service)
binder_call(statsd, system_server)

# Allow logd access.
# NOTE(review): control_logd is granted in addition to read_logd - confirm
# that statsd needs to control logd and not only read from it.
read_logd(statsd)
control_logd(statsd)

# Allow statsd to exec the perfetto cmdline client and pass it the trace
# config on stdin through a pipe. It allows statsd to capture traces and hand
# them to Android dropbox. domain_auto_trans moves the client into the
# perfetto domain, so it does not run with the statsd permissions.
allow statsd perfetto_exec:file rx_file_perms;
domain_auto_trans(statsd, perfetto_exec, perfetto)

# Allow statsd to look up (find) these services through the service manager.
# Only the find permission is granted here; publishing is handled separately
# by add_service below.
allow statsd {
  app_api_service
  incident_service
  statscompanion_service
  system_api_service
}:service_manager find;

# Allow statsd to find the health HAL so it can read battery metrics.
allow statsd hal_health_hwservice:hwservice_manager find;

# Only statsd can publish the binder service.
# NOTE(review): that exclusivity would have to come from the add_service
# macro, whose definition is not shown in this file - TODO confirm.
add_service(statsd, stats_service)

# Allow pipes from (and only from) stats.
# Pipe access for the stats domain: use its file descriptors and write to
# its fifo_file.
allow statsd stats:fd use;
allow statsd stats:fifo_file write;

# Allow statsd to send dump info to dumpstate
allow statsd dumpstate:fd use;
allow statsd dumpstate:fifo_file { getattr write };

# Allow statsd to call back to stats with status updates.
binder_call(statsd, stats)

# Allow access to the hardware layer (health, power and thermal HAL clients)
# and to process stats (proc_uid_cputime_showstat).
allow statsd proc_uid_cputime_showstat:file { getattr open read };
hal_client_domain(statsd, hal_health)
hal_client_domain(statsd, hal_power)
hal_client_domain(statsd, hal_thermal)

# Allow 'adb shell cmd' to upload configs and download output.
allow statsd adbd:fd use;
allow statsd adbd:unix_stream_socket { getattr read write };
allow statsd shell:fifo_file { getattr read };

# Domains allowed to send to statsd over the statsdw socket. Every sender
# listed here is a source of input that statsd has to parse, so additions
# to this list widen the input surface of the daemon.
# NOTE(review): statsd is listed as a sender to itself - presumably
# intentional, confirm.
unix_socket_send(bluetooth, statsdw, statsd)
unix_socket_send(bootstat, statsdw, statsd)
unix_socket_send(lmkd, statsdw, statsd)
unix_socket_send(platform_app, statsdw, statsd)
unix_socket_send(radio, statsdw, statsd)
unix_socket_send(statsd, statsdw, statsd)
unix_socket_send(system_server, statsdw, statsd)

###
### neverallow rules
###

# Only the domains exempted below (dumpstate, priv_app, shell, stats, statsd,
# system_app, system_server and traceur_app) can find the stats service.
# Every other domain is forbidden at policy build time.
neverallow {
  domain
  -dumpstate
  -priv_app
  -shell
  -stats
  -statsd
  -system_app
  -system_server
  -traceur_app
} stats_service:service_manager find;

# Only statsd and the other root services (system_server, init, vold), in
# limited circumstances, can get to the files in /data/misc/stats-data,
# /data/misc/stats-service. Other services are prohibited from accessing the
# files; the * covers every file permission.
# NOTE(review): the allow rules earlier in this file name the second
# directory /data/misc/stats-system - confirm which path is correct.
neverallow { domain -statsd -system_server -init -vold } stats_data_file:file *;

# Limited access to the directory itself: same exemptions as for the files.
neverallow { domain -statsd -system_server -init -vold } stats_data_file:dir *;