type stats, domain; typeattribute stats coredomain; type stats_exec, system_file_type, exec_type, file_type; # switch to stats domain for stats command domain_auto_trans(shell, stats_exec, stats) # allow stats access to stdout from its parent shell. allow stats shell:fd use; # allow stats to communicate use, read and write over the adb # connection. allow stats adbd:fd use; allow stats adbd:unix_stream_socket { read write }; # allow adbd to reap stats allow stats adbd:process { sigchld }; # Allow the stats command to talk to the statsd over the binder, and get # back the stats report data from a ParcelFileDescriptor. binder_use(stats) allow stats stats_service:service_manager find; binder_call(stats, statsd) allow stats statsd:fifo_file write; # Only statsd can publish the binder service. add_service(statsd, stats_service) # Allow pipes from (and only from) stats. allow statsd stats:fd use; allow statsd stats:fifo_file write; # Allow statsd to call back to stats with status updates. binder_call(statsd, stats) ### ### neverallow rules ### neverallow { domain -dumpstate -gmscore_app -gpuservice -incidentd -keystore -mediametrics -mediaserver -platform_app -priv_app -rkpdapp -shell -stats -statsd -surfaceflinger -system_app -system_server -traceur_app -traced_probes } stats_service:service_manager find;