From bad4165f25fc1fdbfed8efec69b5e03017569eb1 Mon Sep 17 00:00:00 2001
From: Seth Moore
Date: Mon, 12 Apr 2021 21:27:12 +0000
Subject: [PATCH] Enable pull metrics from keystore

Allow keystore to call statsd. Allow statsd to call back to keystore to pull atoms.
Bug: 172013262
Test: atest system/keystore/keystore2
Test: statsd_testdrive 10103
Change-Id: I2d1739e257e95b37cc61f655f98f7a2724df7d76
---
 private/keystore.te | 4 ++++
 private/stats.te | 1 +
 public/statsd.te | 4 ++++
 3 files changed, 9 insertions(+)

diff --git a/private/keystore.te b/private/keystore.te
index aa902d536..3fccf5991 100644
--- a/private/keystore.te
+++ b/private/keystore.te
@@ -20,6 +20,10 @@ get_prop(keystore, device_logging_prop)
 # Allow keystore to write to statsd.
 unix_socket_send(keystore, statsdw, statsd)
+# Allow keystore to register callbacks with statsd.
+allow keystore stats_service:service_manager find;
+binder_call(keystore, statsd);
+
 # Keystore need access to the keystore_key context files to load the keystore key backend.
 allow keystore keystore2_key_contexts_file:file r_file_perms;
diff --git a/private/stats.te b/private/stats.te
index 9b9d4baae..db29072df 100644
--- a/private/stats.te
+++ b/private/stats.te
@@ -43,6 +43,7 @@ neverallow {
  -gmscore_app
  -gpuservice
  -incidentd
+ -keystore
  -mediametrics
  -platform_app
  -priv_app
diff --git a/public/statsd.te b/public/statsd.te
index baf05d4b7..670f4c702 100644
--- a/public/statsd.te
+++ b/public/statsd.te
@@ -33,6 +33,10 @@ binder_call(statsd, system_server)
 allow statsd gpu_service:service_manager find;
 binder_call(statsd, gpuservice)
+# Allow statsd to interact with keystore to pull atoms
+allow statsd keystore_service:service_manager find;
+binder_call(statsd, keystore)
+
 # Allow statsd to interact with mediametrics
 allow statsd mediametrics_service:service_manager find;
 binder_call(statsd, mediametrics)
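Review bot: In private/keystore.te, `binder_call(keystore, statsd);` carries a trailing semicolon that no other macro invocation in this patch has; `unix_socket_send(keystore, statsdw, statsd)` just above it and `binder_call(statsd, keystore)` in public/statsd.te are both written bare. The macro presumably expands to complete rules already, so the extra `;` is at best redundant, and the line should read `binder_call(keystore, statsd)`. Because this rule and the `-keystore` exemption in private/stats.te open a new outbound binder path from the domain that handles key material, the comment would be more useful if it named the purpose, e.g. `# Allow keystore to register pull-atom callbacks with statsd (metrics only).`, assuming that is what the keystore side actually sends.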
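Review bot: In public/statsd.te, `allow statsd keystore_service:service_manager find;` lets statsd look up keystore's main service by name, which looks broader than the flow the commit message describes (keystore registers with statsd, statsd calls back). If statsd only ever invokes a callback object that keystore hands over, `binder_call(statsd, keystore)` alone may be enough and the `find` line could be dropped; it reads as if it was carried over from the gpuservice and mediametrics stanzas around it, but the diff does not show how statsd reaches keystore. If the lookup is required, the comment should say so, e.g. `# statsd looks up keystore_service by name to pull atoms`. In either case the policy only opens the binder path, so which transactions statsd may issue still has to be restricted inside keystore.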