Merge "[SfStats] sepolicy for SfStats' global puller"

2020-01-15 17:25:54 +00:00 · 2020-01-15 17:25:54 +00:00 · 41a1b4af9c
commit 41a1b4af9c
parent 679b417ccd f5df7b4467
3 changed files with 8 additions and 0 deletions
--- a/private/stats.te
+++ b/private/stats.te
@ -47,6 +47,7 @@ neverallow {
  -shell
  -stats
  -statsd
+  -surfaceflinger
  -system_app
  -system_server
  -traceur_app
--- a/private/statsd.te
+++ b/private/statsd.te
@ -19,3 +19,6 @@ allow statsd incidentd:fifo_file write;

 # Allow StatsCompanionService to pipe data to statsd.
 allow statsd system_server:fifo_file { read getattr };
+
+# Allow statsd to retrieve SF statistics over binder
+binder_call(statsd, surfaceflinger);
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@ -114,6 +114,10 @@ pdx_server(surfaceflinger, display_vsync)
 pdx_client(surfaceflinger, bufferhub_client)
 pdx_client(surfaceflinger, performance_client)

+# Allow supplying timestats statistics to statsd
+allow surfaceflinger stats_service:service_manager find;
+binder_call(surfaceflinger, statsd);
+
 ###
 ### Neverallow rules
 ###