Merge "stats_service: only disallow untrusted access" into main am: aebd92592a

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2962926 Change-Id: I8aa5df2f2472046ebc59a76df5bfc3c49a491476 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-15 09:20:12 +00:00 · 2024-02-15 09:20:12 +00:00 · 4ed39a7a6e
commit 4ed39a7a6e
parent dbf77ceff6 aebd92592a
2 changed files with 3 additions and 25 deletions
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@ -258,6 +258,9 @@ neverallow {
 # Only privileged apps may find the incident service
 neverallow all_untrusted_apps incident_service:service_manager find;

+# Only privileged apps may find stats service
+neverallow all_untrusted_apps stats_service:service_manager find;
+
 # Do not allow untrusted app to read hidden system proprerties.
 # We do not include in the exclusions other normally untrusted applications such as mediaprovider
 #  due to the specific logging use cases.
--- a/private/stats.te
+++ b/private/stats.te
@ -33,28 +33,3 @@ allow statsd stats:fifo_file write;
 # Allow statsd to call back to stats with status updates.
 binder_call(statsd, stats)

-###
-### neverallow rules
-###
-
-neverallow {
-  domain
-  -dumpstate
-  -gmscore_app
-  -gpuservice
-  -incidentd
-  -keystore
-  -mediametrics
-  -mediaserver
-  -platform_app
-  -priv_app
-  -rkpdapp
-  -shell
-  -stats
-  -statsd
-  -surfaceflinger
-  -system_app
-  -system_server
-  -traceur_app
-  -traced_probes
-} stats_service:service_manager find;