type uprobestats, domain, coredomain;

typeattribute uprobestats bpfdomain;

type uprobestats_exec, system_file_type, exec_type, file_type;

# Allow init to start uprobestats.
init_daemon_domain(uprobestats)

allow uprobestats fs_bpf_uprobestats:file { read write };
allow uprobestats fs_bpf_uprobestats:dir search;
allow uprobestats bpfloader:bpf { map_read map_write prog_run };
allow uprobestats self:capability2 perfmon;
allow uprobestats self:perf_event { cpu open write };
allow uprobestats sysfs_uprobe:file { open read };
allow uprobestats sysfs_uprobe:dir { search };

# Allow uprobestats to popen oatdump.
allow uprobestats oatdump_exec:file rx_file_perms;

# Allow uprobestats to write atoms to statsd
unix_socket_send(uprobestats, statsdw, statsd)

# For registration with system server as a process observer.
binder_use(uprobestats)
allow uprobestats activity_service:service_manager find;
binder_call(uprobestats, system_server);

# Allow uprobestats to talk to native package manager
allow uprobestats package_native_service:service_manager find;

# Allow uprobestats to scan /proc/<pid>/cmdline.
r_dir_file(uprobestats, { domain -appdomain })

# Allow uprobestats to manage its own config files.
allow uprobestats uprobestats_configs_data_file:dir rw_dir_perms;
allow uprobestats uprobestats_configs_data_file:file { r_file_perms unlink };