xref: /aosp_15_r20/system/sepolicy/private/statsd.te (revision e4a36f4174b17bbab9dc043f4a65dc8d87377290)

typeattribute statsd coredomain;

init_daemon_domain(statsd)

# Allow to exec the perfetto cmdline client and pass it the trace config on
# stdint through a pipe. It allows statsd to  capture traces and hand them
# to Android dropbox.
allow statsd perfetto_exec:file rx_file_perms;
domain_auto_trans(statsd, perfetto_exec, perfetto)

# Grant statsd with permissions to register the services.
allow statsd {
  statscompanion_service
}:service_manager find;

# Allow incidentd to obtain the statsd incident section.
allow statsd incidentd:fifo_file write;

# Allow StatsCompanionService to pipe data to statsd.
allow statsd system_server:fifo_file { read write getattr };

# Allow any app to pipe data to statsd.
# Access control to all statsd APIs inherit from system_api_service, so
# appdomain permissions are granted to avoid listing each individual
# service that can access system_api_service.
allow statsd appdomain:fifo_file { read write getattr };

# Allow statsd to retrieve SF statistics over binder
binder_call(statsd, surfaceflinger);

# Allow statsd to read its system properties
get_prop(statsd, device_config_statsd_native_prop)
get_prop(statsd, device_config_statsd_native_boot_prop)

# Allow statsd to read misctl properties (for 16 KB)
get_prop(statsd, misctrl_prop)

# Allow statsd to write uprobestats configs.
allow statsd uprobestats_configs_data_file:dir rw_dir_perms;
allow statsd uprobestats_configs_data_file:file create_file_perms;

# Allow statsd to trigger uprobestats via property.
set_prop(statsd, uprobestats_start_with_config_prop);

# Allow statsd to use io_uring
io_uring_use(statsd)

# Allow statsd to start the uprobestats service.
set_prop(statsd, ctl_uprobestats_prop)
binder_use(statsd)

# Allow statsd to scan through /proc/pid for all processes.
r_dir_file(statsd, domain)

# Allow executing files on system, such as running a shell or running:
#   /system/bin/toolbox
#   /system/bin/logcat
#   /system/bin/dumpsys
allow statsd devpts:chr_file { getattr ioctl read write };
allow statsd shell_exec:file rx_file_perms;
allow statsd system_file:file execute_no_trans;
allow statsd toolbox_exec:file rx_file_perms;

userdebug_or_eng(`
  allow statsd su:fifo_file read;
')

# Create, read, and write into
#   /data/misc/stats-active-metric
#   /data/misc/stats-data
#   /data/misc/stats-metadata
#   /data/misc/stats-service
#   /data/misc/train-info
allow statsd stats_data_file:dir create_dir_perms;
allow statsd stats_data_file:file create_file_perms;
allow statsd stats_config_data_file:dir create_dir_perms;
allow statsd stats_config_data_file:file create_file_perms;

# Allow statsd to make binder calls to any binder service.
binder_call(statsd, appdomain)
binder_call(statsd, incidentd)
binder_call(statsd, system_server)
binder_call(statsd, traced_probes)

# Allow statsd to interact with gpuservice
allow statsd gpu_service:service_manager find;
binder_call(statsd, gpuservice)

# Allow statsd to interact with keystore to pull atoms
allow statsd keystore_service:service_manager find;
binder_call(statsd, keystore)

# Allow statsd to interact with mediametrics
allow statsd mediametrics_service:service_manager find;
binder_call(statsd, mediametrics)

# Allow statsd to interact with mediametrics
allow statsd mediaserver_service:service_manager find;
binder_call(statsd, mediaserver)

# Allow logd access.
read_logd(statsd)
control_logd(statsd)

# Grant statsd with permissions to register the services.
allow statsd {
  app_api_service
  incident_service
  system_api_service
}:service_manager find;

# Grant statsd to access health hal to access battery metrics.
allow statsd hal_health_hwservice:hwservice_manager find;

# Allow statsd to send dump info to dumpstate
allow statsd dumpstate:fd use;
allow statsd dumpstate:fifo_file { getattr write };

# Allow access to with hardware layer and process stats.
allow statsd proc_uid_cputime_showstat:file { getattr open read };
hal_client_domain(statsd, hal_health)
hal_client_domain(statsd, hal_power)
hal_client_domain(statsd, hal_power_stats)
hal_client_domain(statsd, hal_thermal)

# Allow 'adb shell cmd' to upload configs and download output.
allow statsd adbd:fd use;
allow statsd adbd:unix_stream_socket { getattr read write };
allow statsd shell:fifo_file { getattr read write };

unix_socket_send(statsd, statsdw, statsd)

###
### neverallow rules
###

# Only statsd and the other root services in limited circumstances.
# can get to the files in /data/misc/stats-data, /data/misc/stats-service.
# Other services are prohibitted from accessing the file.
neverallow { domain -statsd -init -vold } stats_data_file:file *;
neverallow { domain -statsd -system_server -init -vold } stats_config_data_file:file *;


# Limited access to the directory itself.
neverallow { domain -statsd -init -vold } stats_data_file:dir *;
neverallow { domain -statsd -system_server -init -vold } stats_config_data_file:dir *;