Merge "Update sepolicy of statsd to be able to find incident_service" am: 356772e491 am: 4917fe8b1e
am: 70e5947398
Change-Id: I533c02e4d1e4bf5aab57fab04ae02307a7f47119
This commit is contained in:
yro
android-build-merger
commit
e3b63e0f28
2 changed files with 10 additions and 2 deletions
|
|
@ -99,7 +99,14 @@ binder_call(incidentd, incident)
|
|||
###
|
||||
|
||||
# only system_server, system_app and incident command can find the incident service
|
||||
neverallow { domain -system_server -system_app -incident -incidentd } incident_service:service_manager find;
|
||||
neverallow {
|
||||
domain
|
||||
-incident
|
||||
-incidentd
|
||||
-statsd
|
||||
-system_app
|
||||
-system_server
|
||||
} incident_service:service_manager find;
|
||||
|
||||
# only incidentd and the other root services in limited circumstances
|
||||
# can get to the files in /data/misc/incidents
|
||||
|
|
|
|||
|
|
@ -41,8 +41,9 @@ unix_socket_connect(statsd, traced_consumer, traced)
|
|||
|
||||
# Grant statsd with permissions to register the services.
|
||||
allow statsd {
|
||||
statscompanion_service
|
||||
app_api_service
|
||||
incident_service
|
||||
statscompanion_service
|
||||
system_api_service
|
||||
}:service_manager find;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue