1*e4a36f41SAndroid Build Coastguard Workertype stats, domain; 2*e4a36f41SAndroid Build Coastguard Workertypeattribute stats coredomain; 3*e4a36f41SAndroid Build Coastguard Workertype stats_exec, system_file_type, exec_type, file_type; 4*e4a36f41SAndroid Build Coastguard Worker 5*e4a36f41SAndroid Build Coastguard Worker# switch to stats domain for stats command 6*e4a36f41SAndroid Build Coastguard Workerdomain_auto_trans(shell, stats_exec, stats) 7*e4a36f41SAndroid Build Coastguard Worker 8*e4a36f41SAndroid Build Coastguard Worker# allow stats access to stdout from its parent shell. 9*e4a36f41SAndroid Build Coastguard Workerallow stats shell:fd use; 10*e4a36f41SAndroid Build Coastguard Worker 11*e4a36f41SAndroid Build Coastguard Worker# allow stats to communicate use, read and write over the adb 12*e4a36f41SAndroid Build Coastguard Worker# connection. 13*e4a36f41SAndroid Build Coastguard Workerallow stats adbd:fd use; 14*e4a36f41SAndroid Build Coastguard Workerallow stats adbd:unix_stream_socket { read write }; 15*e4a36f41SAndroid Build Coastguard Worker 16*e4a36f41SAndroid Build Coastguard Worker# allow adbd to reap stats 17*e4a36f41SAndroid Build Coastguard Workerallow stats adbd:process { sigchld }; 18*e4a36f41SAndroid Build Coastguard Worker 19*e4a36f41SAndroid Build Coastguard Worker# Allow the stats command to talk to the statsd over the binder, and get 20*e4a36f41SAndroid Build Coastguard Worker# back the stats report data from a ParcelFileDescriptor. 21*e4a36f41SAndroid Build Coastguard Workerbinder_use(stats) 22*e4a36f41SAndroid Build Coastguard Workerallow stats stats_service:service_manager find; 23*e4a36f41SAndroid Build Coastguard Workerbinder_call(stats, statsd) 24*e4a36f41SAndroid Build Coastguard Workerallow stats statsd:fifo_file write; 25*e4a36f41SAndroid Build Coastguard Worker 26*e4a36f41SAndroid Build Coastguard Worker# Only statsd can publish the binder service. 27*e4a36f41SAndroid Build Coastguard Workeradd_service(statsd, stats_service) 28*e4a36f41SAndroid Build Coastguard Worker 29*e4a36f41SAndroid Build Coastguard Worker# Allow pipes from (and only from) stats. 30*e4a36f41SAndroid Build Coastguard Workerallow statsd stats:fd use; 31*e4a36f41SAndroid Build Coastguard Workerallow statsd stats:fifo_file write; 32*e4a36f41SAndroid Build Coastguard Worker 33*e4a36f41SAndroid Build Coastguard Worker# Allow statsd to call back to stats with status updates. 34*e4a36f41SAndroid Build Coastguard Workerbinder_call(statsd, stats) 35*e4a36f41SAndroid Build Coastguard Worker 36*e4a36f41SAndroid Build Coastguard Worker### 37*e4a36f41SAndroid Build Coastguard Worker### neverallow rules 38*e4a36f41SAndroid Build Coastguard Worker### 39*e4a36f41SAndroid Build Coastguard Worker 40*e4a36f41SAndroid Build Coastguard Workerneverallow { 41*e4a36f41SAndroid Build Coastguard Worker domain 42*e4a36f41SAndroid Build Coastguard Worker -dumpstate 43*e4a36f41SAndroid Build Coastguard Worker -gmscore_app 44*e4a36f41SAndroid Build Coastguard Worker -gpuservice 45*e4a36f41SAndroid Build Coastguard Worker -incidentd 46*e4a36f41SAndroid Build Coastguard Worker -keystore 47*e4a36f41SAndroid Build Coastguard Worker -mediametrics 48*e4a36f41SAndroid Build Coastguard Worker -platform_app 49*e4a36f41SAndroid Build Coastguard Worker -priv_app 50*e4a36f41SAndroid Build Coastguard Worker -shell 51*e4a36f41SAndroid Build Coastguard Worker -stats 52*e4a36f41SAndroid Build Coastguard Worker -statsd 53*e4a36f41SAndroid Build Coastguard Worker -surfaceflinger 54*e4a36f41SAndroid Build Coastguard Worker -system_app 55*e4a36f41SAndroid Build Coastguard Worker -system_server 56*e4a36f41SAndroid Build Coastguard Worker -traceur_app 57*e4a36f41SAndroid Build Coastguard Worker} stats_service:service_manager find; 58