tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update sepolicy to have system_server access stats_data

Browse source 
Bug: 75968642
Test: manual testing to check for sepolicy violation
Cherry-picked from aosp/652222

Change-Id: Idc83669feaf9fd17bed26f89dfce33e3f2f5424f
This commit is contained in:
yro 2018-03-30 18:40:30 -07:00
parent aebeae8156
commit 7cacc85daf
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
private/statsd.te
View file

@ -101,7 +101,7 @@ neverallow {
# Only statsd and the other root services in limited circumstances.
# can get to the files in /data/misc/stats-data, /data/misc/stats-service.
# Other services are prohibitted from accessing the file.
neverallow { domain -statsd -init -vold } stats_data_file:file *;
neverallow { domain -statsd -system_server -init -vold } stats_data_file:file *;
# Limited access to the directory itself.
neverallow { domain -statsd -init -vold } stats_data_file:dir *;
neverallow { domain -statsd -system_server -init -vold } stats_data_file:dir *;

4
private/system_server.te
View file

@ -139,6 +139,10 @@ allow system_server proc_sysrq:file rw_file_perms;
allow system_server debugfs:file r_file_perms;
allow system_server debugfs_wakeup_sources:file r_file_perms;
# Delete /data/misc/stats-data/ and /data/misc/stats-service/ directories.
allow system_server stats_data_file:dir { open read remove_name search write };
allow system_server stats_data_file:file unlink;
# The DhcpClient and WifiWatchdog use packet_sockets
allow system_server self:packet_socket create_socket_perms_no_ioctl;