Allow zygote to write to statsd and refactor

am: 98de322a03

Change-Id: I2c4b8f3fe83d9f21c7194d9aafd2654f48596320

private/system_server.te

@@ -167,6 +167,9 @@ unix_socket_connect(system_server, zygote, zygote)
 unix_socket_connect(system_server, racoon, racoon)
 unix_socket_connect(system_server, uncrypt, uncrypt)
 
+# Allow system_server to write to statsd.
+unix_socket_send(system_server, statsdw, statsd)
+
 # Communicate over a socket created by surfaceflinger.
 allow system_server surfaceflinger:unix_stream_socket { read write setopt };
 

private/zygote.te

@@ -96,6 +96,9 @@ allow zygote sdcardfs:dir { mounton };
 # Handle --invoke-with command when launching Zygote with a wrapper command.
 allow zygote zygote_exec:file rx_file_perms;
 
+# Allow zygote to write to statsd.
+unix_socket_send(zygote, statsdw, statsd)
+
 # Root fs.
 r_dir_file(zygote, rootfs)
 

public/bootstat.te

@@ -26,6 +26,9 @@ allow bootstat kernel:system syslog_read;
 # Allow access to reading the logs to read aspects of system health
 read_logd(bootstat)
 
+# Allow bootstat write to statsd.
+unix_socket_send(bootstat, statsdw, statsd)
+
 # ToDo: end
 
 neverallow {

public/lmkd.te

@@ -49,6 +49,9 @@ allow lmkd proc_sysrq:file rw_file_perms;
 # Read /proc/meminfo
 allow lmkd proc_meminfo:file r_file_perms;
 
+# Allow lmkd to write to statsd.
+unix_socket_send(lmkd, statsdw, statsd)
+
 ### neverallow rules
 
 # never honor LD_PRELOAD

public/statsd.te

@@ -67,10 +67,7 @@ allow statsd adbd:fd use;
 allow statsd adbd:unix_stream_socket { getattr read write };
 allow statsd shell:fifo_file { getattr read };
 
-unix_socket_send(bootstat, statsdw, statsd)
-unix_socket_send(lmkd, statsdw, statsd)
 unix_socket_send(statsd, statsdw, statsd)
-unix_socket_send(system_server, statsdw, statsd)
 
 ###
 ### neverallow rules