Merge "Update sepolicy to have system_server access stats_data"
This commit is contained in:
Treehugger Robot
Gerrit Code Review
commit
8b11302e89
2 changed files with 6 additions and 2 deletions
|
|
@ -101,7 +101,7 @@ neverallow {
|
||||||
# Only statsd and the other root services in limited circumstances.
|
# Only statsd and the other root services in limited circumstances.
|
||||||
# can get to the files in /data/misc/stats-data, /data/misc/stats-service.
|
# can get to the files in /data/misc/stats-data, /data/misc/stats-service.
|
||||||
# Other services are prohibitted from accessing the file.
|
# Other services are prohibitted from accessing the file.
|
||||||
neverallow { domain -statsd -init -vold } stats_data_file:file *;
|
neverallow { domain -statsd -system_server -init -vold } stats_data_file:file *;
|
||||||
|
|
||||||
# Limited access to the directory itself.
|
# Limited access to the directory itself.
|
||||||
neverallow { domain -statsd -init -vold } stats_data_file:dir *;
|
neverallow { domain -statsd -system_server -init -vold } stats_data_file:dir *;
|
||||||
|
|
|
||||||
|
|
@ -135,6 +135,10 @@ allow system_server proc_uid_procstat_set:file { w_file_perms getattr };
|
||||||
# Write to /proc/sysrq-trigger.
|
# Write to /proc/sysrq-trigger.
|
||||||
allow system_server proc_sysrq:file rw_file_perms;
|
allow system_server proc_sysrq:file rw_file_perms;
|
||||||
|
|
||||||
|
# Delete /data/misc/stats-data/ and /data/misc/stats-service/ directories.
|
||||||
|
allow system_server stats_data_file:dir { open read remove_name search write };
|
||||||
|
allow system_server stats_data_file:file unlink;
|
||||||
|
|
||||||
# Read /sys/kernel/debug/wakeup_sources.
|
# Read /sys/kernel/debug/wakeup_sources.
|
||||||
allow system_server debugfs:file r_file_perms;
|
allow system_server debugfs:file r_file_perms;
|
||||||
allow system_server debugfs_wakeup_sources:file r_file_perms;
|
allow system_server debugfs_wakeup_sources:file r_file_perms;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue