1*e4a36f41SAndroid Build Coastguard Worker# bootstat command 2*e4a36f41SAndroid Build Coastguard Workertype bootstat, domain; 3*e4a36f41SAndroid Build Coastguard Workertype bootstat_exec, system_file_type, exec_type, file_type; 4*e4a36f41SAndroid Build Coastguard Worker 5*e4a36f41SAndroid Build Coastguard Workerread_runtime_log_tags(bootstat) 6*e4a36f41SAndroid Build Coastguard Worker 7*e4a36f41SAndroid Build Coastguard Worker# Allow persistent storage in /data/misc/bootstat. 8*e4a36f41SAndroid Build Coastguard Workerallow bootstat bootstat_data_file:dir rw_dir_perms; 9*e4a36f41SAndroid Build Coastguard Workerallow bootstat bootstat_data_file:file create_file_perms; 10*e4a36f41SAndroid Build Coastguard Worker 11*e4a36f41SAndroid Build Coastguard Worker# Collect metrics on boot time created by init 12*e4a36f41SAndroid Build Coastguard Workerget_prop(bootstat, boottime_prop) 13*e4a36f41SAndroid Build Coastguard Worker 14*e4a36f41SAndroid Build Coastguard Worker# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty) 15*e4a36f41SAndroid Build Coastguard Workerset_prop(bootstat, bootloader_boot_reason_prop) 16*e4a36f41SAndroid Build Coastguard Workerset_prop(bootstat, system_boot_reason_prop) 17*e4a36f41SAndroid Build Coastguard Workerset_prop(bootstat, last_boot_reason_prop) 18*e4a36f41SAndroid Build Coastguard Workerallow bootstat metadata_file:dir search; 19*e4a36f41SAndroid Build Coastguard Workerallow bootstat metadata_bootstat_file:dir rw_dir_perms; 20*e4a36f41SAndroid Build Coastguard Workerallow bootstat metadata_bootstat_file:file create_file_perms; 21*e4a36f41SAndroid Build Coastguard Worker 22*e4a36f41SAndroid Build Coastguard Worker# ToDo: TBI move access for the following to a system health HAL 23*e4a36f41SAndroid Build Coastguard Worker 24*e4a36f41SAndroid Build Coastguard Worker# Allow access to /sys/fs/pstore/ and syslog 25*e4a36f41SAndroid Build Coastguard Workerallow bootstat pstorefs:dir search; 26*e4a36f41SAndroid Build Coastguard Workerallow bootstat pstorefs:file r_file_perms; 27*e4a36f41SAndroid Build Coastguard Workerallow bootstat kernel:system syslog_read; 28*e4a36f41SAndroid Build Coastguard Worker 29*e4a36f41SAndroid Build Coastguard Worker# Allow access to reading the logs to read aspects of system health 30*e4a36f41SAndroid Build Coastguard Workerread_logd(bootstat) 31*e4a36f41SAndroid Build Coastguard Worker 32*e4a36f41SAndroid Build Coastguard Worker# Allow bootstat write to statsd. 33*e4a36f41SAndroid Build Coastguard Workerunix_socket_send(bootstat, statsdw, statsd) 34*e4a36f41SAndroid Build Coastguard Worker 35*e4a36f41SAndroid Build Coastguard Worker# ToDo: end 36*e4a36f41SAndroid Build Coastguard Worker 37*e4a36f41SAndroid Build Coastguard Workerneverallow { 38*e4a36f41SAndroid Build Coastguard Worker domain 39*e4a36f41SAndroid Build Coastguard Worker -bootanim 40*e4a36f41SAndroid Build Coastguard Worker -bootstat 41*e4a36f41SAndroid Build Coastguard Worker -dumpstate 42*e4a36f41SAndroid Build Coastguard Worker userdebug_or_eng(`-incidentd') 43*e4a36f41SAndroid Build Coastguard Worker -init 44*e4a36f41SAndroid Build Coastguard Worker -recovery 45*e4a36f41SAndroid Build Coastguard Worker -shell 46*e4a36f41SAndroid Build Coastguard Worker -system_server 47*e4a36f41SAndroid Build Coastguard Worker} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms; 48*e4a36f41SAndroid Build Coastguard Worker# ... and refine, as these components should not set the last boot reason 49*e4a36f41SAndroid Build Coastguard Workerneverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms; 50*e4a36f41SAndroid Build Coastguard Worker 51*e4a36f41SAndroid Build Coastguard Workerneverallow { 52*e4a36f41SAndroid Build Coastguard Worker domain 53*e4a36f41SAndroid Build Coastguard Worker -bootstat 54*e4a36f41SAndroid Build Coastguard Worker -init 55*e4a36f41SAndroid Build Coastguard Worker -system_server 56*e4a36f41SAndroid Build Coastguard Worker} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set; 57*e4a36f41SAndroid Build Coastguard Worker# ... and refine ... for a ro propertly no less ... keep this _tight_ 58*e4a36f41SAndroid Build Coastguard Workerneverallow system_server bootloader_boot_reason_prop:property_service set; 59*e4a36f41SAndroid Build Coastguard Worker 60*e4a36f41SAndroid Build Coastguard Workerneverallow { 61*e4a36f41SAndroid Build Coastguard Worker domain 62*e4a36f41SAndroid Build Coastguard Worker -bootstat 63*e4a36f41SAndroid Build Coastguard Worker -init 64*e4a36f41SAndroid Build Coastguard Worker} system_boot_reason_prop:property_service set; 65