1*e4a36f41SAndroid Build Coastguard Workertype uprobestats, domain, coredomain; 2*e4a36f41SAndroid Build Coastguard Worker 3*e4a36f41SAndroid Build Coastguard Workertypeattribute uprobestats bpfdomain; 4*e4a36f41SAndroid Build Coastguard Worker 5*e4a36f41SAndroid Build Coastguard Workertype uprobestats_exec, system_file_type, exec_type, file_type; 6*e4a36f41SAndroid Build Coastguard Worker 7*e4a36f41SAndroid Build Coastguard Worker# Allow init to start uprobestats. 8*e4a36f41SAndroid Build Coastguard Workerinit_daemon_domain(uprobestats) 9*e4a36f41SAndroid Build Coastguard Worker 10*e4a36f41SAndroid Build Coastguard Workerallow uprobestats fs_bpf_uprobestats:file { read write }; 11*e4a36f41SAndroid Build Coastguard Workerallow uprobestats fs_bpf_uprobestats:dir search; 12*e4a36f41SAndroid Build Coastguard Workerallow uprobestats bpfloader:bpf { map_read map_write prog_run }; 13*e4a36f41SAndroid Build Coastguard Workerallow uprobestats self:capability2 perfmon; 14*e4a36f41SAndroid Build Coastguard Workerallow uprobestats self:perf_event { cpu open write }; 15*e4a36f41SAndroid Build Coastguard Workerallow uprobestats sysfs_uprobe:file { open read }; 16*e4a36f41SAndroid Build Coastguard Workerallow uprobestats sysfs_uprobe:dir { search }; 17*e4a36f41SAndroid Build Coastguard Worker 18*e4a36f41SAndroid Build Coastguard Worker# Allow uprobestats to popen oatdump. 19*e4a36f41SAndroid Build Coastguard Workerallow uprobestats system_file:file rx_file_perms; 20*e4a36f41SAndroid Build Coastguard Worker 21*e4a36f41SAndroid Build Coastguard Worker# Allow uprobestats to write atoms to statsd 22*e4a36f41SAndroid Build Coastguard Workerunix_socket_send(uprobestats, statsdw, statsd) 23*e4a36f41SAndroid Build Coastguard Worker 24*e4a36f41SAndroid Build Coastguard Worker# For registration with system server as a process observer. 25*e4a36f41SAndroid Build Coastguard Workerbinder_use(uprobestats) 26*e4a36f41SAndroid Build Coastguard Workerallow uprobestats activity_service:service_manager find; 27*e4a36f41SAndroid Build Coastguard Workerstarting_at_board_api(202504, ` 28*e4a36f41SAndroid Build Coastguard Worker allow uprobestats dynamic_instrumentation_service:service_manager find; 29*e4a36f41SAndroid Build Coastguard Worker') 30*e4a36f41SAndroid Build Coastguard Workerbinder_call(uprobestats, system_server); 31*e4a36f41SAndroid Build Coastguard Worker 32*e4a36f41SAndroid Build Coastguard Worker# Allow uprobestats to talk to native package manager 33*e4a36f41SAndroid Build Coastguard Workerallow uprobestats package_native_service:service_manager find; 34*e4a36f41SAndroid Build Coastguard Worker 35*e4a36f41SAndroid Build Coastguard Worker# Allow uprobestats to scan /proc/<pid>/cmdline. 36*e4a36f41SAndroid Build Coastguard Workerr_dir_file(uprobestats, { domain -appdomain }) 37*e4a36f41SAndroid Build Coastguard Worker 38*e4a36f41SAndroid Build Coastguard Worker# Allow uprobestats to manage its own config files. 39*e4a36f41SAndroid Build Coastguard Workerallow uprobestats uprobestats_configs_data_file:dir rw_dir_perms; 40*e4a36f41SAndroid Build Coastguard Workerallow uprobestats uprobestats_configs_data_file:file { r_file_perms unlink }; 41