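typeattribute statsd coredomain;

init_daemon_domain(statsd)

# Allow statsd to exec the perfetto cmdline client and pass it the trace
# config on stdin through a pipe. It allows statsd to capture traces and hand
# them to Android dropbox. The domain_auto_trans rule moves the client into the
# perfetto domain on exec, so it does not keep running as statsd.
allow statsd perfetto_exec:file rx_file_perms;
domain_auto_trans(statsd, perfetto_exec, perfetto)

# Allow statsd to look up statscompanion_service. Only find is granted here,
# not add.
allow statsd {
  statscompanion_service
}:service_manager find;

# Allow incidentd to obtain the statsd incident section (statsd writes into a
# pipe owned by incidentd).
allow statsd incidentd:fifo_file write;

# Allow StatsCompanionService to pipe data to statsd.
allow statsd system_server:fifo_file { read write getattr };

# Allow any app to pipe data to statsd.
# Access control to all statsd APIs inherits from system_api_service, so
# appdomain permissions are granted to avoid listing each individual
# service that can access system_api_service.
# NOTE(review): this rule covers every app domain, so the caller checks have
# to happen at the statsd API layer. Confirm they do.
allow statsd appdomain:fifo_file { read write getattr };

# Allow statsd to retrieve SF statistics over binder
binder_call(statsd, surfaceflinger);

# Allow statsd to read its system properties
get_prop(statsd, device_config_statsd_native_prop)
get_prop(statsd, device_config_statsd_native_boot_prop)

# Allow statsd to read misctrl properties (for 16 KB)
get_prop(statsd, misctrl_prop)

# Allow statsd to write uprobestats configs.
allow statsd uprobestats_configs_data_file:dir rw_dir_perms;
allow statsd uprobestats_configs_data_file:file create_file_perms;

# Allow statsd to trigger uprobestats via property.
set_prop(statsd, uprobestats_start_with_config_prop);

# Allow statsd to use io_uring
io_uring_use(statsd)

# Allow statsd to start the uprobestats service.
set_prop(statsd, ctl_uprobestats_prop)

# Allow statsd to use binder IPC.
binder_use(statsd)

# Allow statsd to scan through /proc/pid for all processes.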
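r_dir_file(statsd, domain)

# Allow executing files on system, such as running a shell or running:
#   /system/bin/toolbox
#   /system/bin/logcat
#   /system/bin/dumpsys
# No domain transition is declared for these in the rules shown here, and
# execute_no_trans keeps the new program in the statsd domain. Anything
# started this way therefore holds every permission granted to statsd, which
# is worth weighing whenever a new allow rule is added for statsd.
allow statsd devpts:chr_file { getattr ioctl read write };
allow statsd shell_exec:file rx_file_perms;
allow statsd system_file:file execute_no_trans;
allow statsd toolbox_exec:file rx_file_perms;

# Debug builds only (userdebug or eng): allow statsd to read from a pipe
# handed over by su.
userdebug_or_eng(`
  allow statsd su:fifo_file read;
')

# Create, read, and write into
#   /data/misc/stats-active-metric
#   /data/misc/stats-data
#   /data/misc/stats-metadata
#   /data/misc/stats-service
#   /data/misc/train-info
allow statsd stats_data_file:dir create_dir_perms;
allow statsd stats_data_file:file create_file_perms;
allow statsd stats_config_data_file:dir create_dir_perms;
allow statsd stats_config_data_file:file create_file_perms;

# Allow statsd to make binder calls to apps, incidentd, system_server and
# traced_probes.
binder_call(statsd, appdomain)
binder_call(statsd, incidentd)
binder_call(statsd, system_server)
binder_call(statsd, traced_probes)

# Allow statsd to interact with gpuservice
allow statsd gpu_service:service_manager find;
binder_call(statsd, gpuservice)

# Allow statsd to interact with keystore to pull atoms
allow statsd keystore_service:service_manager find;
binder_call(statsd, keystore)

# Allow statsd to interact with mediametrics
allow statsd mediametrics_service:service_manager find;
binder_call(statsd, mediametrics)

# Allow statsd to interact with mediaserver
allow statsd mediaserver_service:service_manager find;
binder_call(statsd, mediaserver)

# Allow statsd to interact with mmd
allow statsd mmd_service:service_manager find;
binder_call(statsd, mmd)

# Allow logd access (read and control).
read_logd(statsd)
control_logd(statsd)

# Allow statsd to look up (find) the following services.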
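allow statsd {
  app_api_service
  incident_service
  system_api_service
}:service_manager find;

# Grant statsd access to the health HAL to read battery metrics.
allow statsd hal_health_hwservice:hwservice_manager find;

# Allow statsd to send dump info to dumpstate
allow statsd dumpstate:fd use;
allow statsd dumpstate:fifo_file { getattr write };

# Allow access to the hardware layer and process stats.
allow statsd proc_uid_cputime_showstat:file { getattr open read };
hal_client_domain(statsd, hal_health)
hal_client_domain(statsd, hal_power)
hal_client_domain(statsd, hal_power_stats)
hal_client_domain(statsd, hal_thermal)

# Allow 'adb shell cmd' to upload configs and download output.
allow statsd adbd:fd use;
allow statsd adbd:unix_stream_socket { getattr read write };
allow statsd shell:fifo_file { getattr read write };

# Allow statsd to send to the statsdw socket, which is served by statsd itself.
unix_socket_send(statsd, statsdw, statsd)

###
### neverallow rules
###

# Only statsd and the other root services (init, vold), in limited
# circumstances, can get to the files in /data/misc/stats-data and
# /data/misc/stats-service. Other domains are prohibited from accessing the
# files. system_server is additionally exempted for stats_config_data_file.
neverallow { domain -statsd -init -vold } stats_data_file:file *;
neverallow { domain -statsd -system_server -init -vold } stats_config_data_file:file *;


# Limited access to the directory itself, with the same exemptions as the
# file rules.
neverallow { domain -statsd -init -vold } stats_data_file:dir *;
neverallow { domain -statsd -system_server -init -vold } stats_config_data_file:dir *;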