stats_service: only disallow untrusted access

Allow device-specific domains to access stats_service. All access must
be done over proper APIs (StatsManager, AStatsManager) instead of
accessing the AIDL interfaces directly.

Test: build
Bug: 318788254
Change-Id: I98ddc1900350daf755372be7249f25a462e3242d

private/app_neverallows.te

@@ -258,6 +258,9 @@ neverallow {
 # Only privileged apps may find the incident service
 neverallow all_untrusted_apps incident_service:service_manager find;
 
+# Only privileged apps may find stats service
+neverallow all_untrusted_apps stats_service:service_manager find;
+
 # Do not allow untrusted app to read hidden system proprerties.
 # We do not include in the exclusions other normally untrusted applications such as mediaprovider
 #  due to the specific logging use cases.

private/stats.te

@@ -33,28 +33,3 @@ allow statsd stats:fifo_file write;
 # Allow statsd to call back to stats with status updates.
 binder_call(statsd, stats)
 
-###
-### neverallow rules
-###
-
-neverallow {
-  domain
-  -dumpstate
-  -gmscore_app
-  -gpuservice
-  -incidentd
-  -keystore
-  -mediametrics
-  -mediaserver
-  -platform_app
-  -priv_app
-  -rkpdapp
-  -shell
-  -stats
-  -statsd
-  -surfaceflinger
-  -system_app
-  -system_server
-  -traceur_app
-  -traced_probes
-} stats_service:service_manager find;