Merge "Allow traced_probes to subscribe to statsd atoms" am: c9ff8d010b am: 121da8e36f

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2501735 Change-Id: I2d352a3b135999d1c49622ca0bfea9ab59724262 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-03-27 17:02:15 +00:00 · 2023-03-27 17:02:15 +00:00 · 47b65e7f6b
commit 47b65e7f6b
parent 87c666527f 121da8e36f
3 changed files with 5 additions and 1 deletions
--- a/private/stats.te
+++ b/private/stats.te
@ -56,4 +56,5 @@ neverallow {
  -system_app
  -system_server
  -traceur_app
+  -traced_probes
 } stats_service:service_manager find;
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@ -100,8 +100,10 @@ hal_client_domain(traced_probes, hal_atrace)
 # On debug builds allow to ingest system logs into the trace.
 userdebug_or_eng(`read_logd(traced_probes)')

-# Allow traced_probes to talk to statsd for logging metrics.
+# Allow traced_probes to talk to statsd for logging metrics and recording atoms.
 unix_socket_send(traced_probes, statsdw, statsd)
+binder_call(traced_probes, statsd)
+allow traced_probes stats_service:service_manager find;

 ###
 ### Neverallow rules
--- a/public/statsd.te
+++ b/public/statsd.te
@ -34,6 +34,7 @@ allow statsd stats_config_data_file:file create_file_perms;
 binder_call(statsd, appdomain)
 binder_call(statsd, incidentd)
 binder_call(statsd, system_server)
+binder_call(statsd, traced_probes)

 # Allow statsd to interact with gpuservice
 allow statsd gpu_service:service_manager find;