1type uprobestats, domain, coredomain; 2 3typeattribute uprobestats bpfdomain; 4 5type uprobestats_exec, system_file_type, exec_type, file_type; 6 7# Allow init to start uprobestats. 8init_daemon_domain(uprobestats) 9 10allow uprobestats fs_bpf_uprobestats:file { read write }; 11allow uprobestats fs_bpf_uprobestats:dir search; 12allow uprobestats bpfloader:bpf { map_read map_write prog_run }; 13allow uprobestats self:capability2 perfmon; 14allow uprobestats self:perf_event { cpu open write }; 15allow uprobestats sysfs_uprobe:file { open read }; 16allow uprobestats sysfs_uprobe:dir { search }; 17 18# Allow uprobestats to popen oatdump. 19allow uprobestats oatdump_exec:file rx_file_perms; 20 21# Allow uprobestats to write atoms to statsd 22unix_socket_send(uprobestats, statsdw, statsd) 23 24# For registration with system server as a process observer. 25binder_use(uprobestats) 26allow uprobestats activity_service:service_manager find; 27binder_call(uprobestats, system_server); 28 29# Allow uprobestats to talk to native package manager 30allow uprobestats package_native_service:service_manager find; 31 32# Allow uprobestats to scan /proc/<pid>/cmdline. 33r_dir_file(uprobestats, { domain -appdomain }) 34 35# Allow uprobestats to manage its own config files. 36allow uprobestats uprobestats_configs_data_file:dir rw_dir_perms; 37allow uprobestats uprobestats_configs_data_file:file { r_file_perms unlink }; 38