1type stats, domain; 2typeattribute stats coredomain; 3type stats_exec, system_file_type, exec_type, file_type; 4 5# switch to stats domain for stats command 6domain_auto_trans(shell, stats_exec, stats) 7 8# allow stats access to stdout from its parent shell. 9allow stats shell:fd use; 10 11# allow stats to communicate use, read and write over the adb 12# connection. 13allow stats adbd:fd use; 14allow stats adbd:unix_stream_socket { read write }; 15 16# allow adbd to reap stats 17allow stats adbd:process { sigchld }; 18 19# Allow the stats command to talk to the statsd over the binder, and get 20# back the stats report data from a ParcelFileDescriptor. 21binder_use(stats) 22allow stats stats_service:service_manager find; 23binder_call(stats, statsd) 24allow stats statsd:fifo_file write; 25 26# Only statsd can publish the binder service. 27add_service(statsd, stats_service) 28 29# Allow pipes from (and only from) stats. 30allow statsd stats:fd use; 31allow statsd stats:fifo_file write; 32 33# Allow statsd to call back to stats with status updates. 34binder_call(statsd, stats) 35 36### 37### neverallow rules 38### 39 40neverallow { 41 domain 42 -dumpstate 43 -gmscore_app 44 -gpuservice 45 -incidentd 46 -keystore 47 -mediametrics 48 -platform_app 49 -priv_app 50 -shell 51 -stats 52 -statsd 53 -surfaceflinger 54 -system_app 55 -system_server 56 -traceur_app 57} stats_service:service_manager find; 58