# Process type for the uprobestats daemon. It carries the generic "domain"
# attribute and "coredomain", the attribute used for core platform processes.
type uprobestats, domain, coredomain;
# Tag the domain with bpfdomain.
# NOTE(review): presumably required by neverallow rules elsewhere that limit
# the bpf class to bpfdomain members; confirm against the base policy.
typeattribute uprobestats bpfdomain;
# File label for the uprobestats executable. The path-to-label mapping
# (file_contexts) is not part of this file.
type uprobestats_exec, system_file_type, exec_type, file_type;
# Allow init to start uprobestats.
# init_daemon_domain sets up the automatic transition init -> uprobestats
# when init executes a file labelled uprobestats_exec.
init_daemon_domain(uprobestats)
# Read/write on bpffs objects labelled fs_bpf_uprobestats. No create or unlink
# is granted, so this domain only uses objects that another domain pinned.
# NOTE(review): presumably bpfloader pins them; confirm.
allow uprobestats fs_bpf_uprobestats:file { read write };
# Path lookup only (search) in the fs_bpf_uprobestats directory; listing its
# contents and adding entries are not granted by this rule.
allow uprobestats fs_bpf_uprobestats:dir search;
# Use BPF objects owned by the bpfloader domain: read and update maps, run
# programs. prog_load and map_create are not in this rule, so uprobestats
# cannot load programs or create maps of its own through this grant.
allow uprobestats bpfloader:bpf { map_read map_write prog_run };
# CAP_PERFMON (capability2 class): the capability for performance monitoring,
# granted here on its own rather than the broader CAP_SYS_ADMIN.
allow uprobestats self:capability2 perfmon;
# perf_event permissions granted: open, cpu and write. The kernel, tracepoint
# and read permissions of the class are not in this rule.
# NOTE(review): "cpu" permits events that are not bound to a single task;
# confirm that CPU-wide scope is required.
allow uprobestats self:perf_event { cpu open write };
# Read-only access to sysfs files labelled sysfs_uprobe.
# NOTE(review): presumably the uprobe PMU attributes needed to fill in
# perf_event_attr; confirm the labelled path in genfs_contexts.
allow uprobestats sysfs_uprobe:file { open read };
# Path lookup (search) through sysfs_uprobe directories; listing them is not
# granted by this rule.
allow uprobestats sysfs_uprobe:dir { search };
# Allow uprobestats to popen oatdump.
# rx_file_perms includes execute_no_trans, and no domain transition for
# oatdump_exec is declared in this file.
# NOTE(review): oatdump therefore runs inside the uprobestats domain with
# every permission granted here (perfmon, bpf, binder); confirm that running
# it without its own domain is intended, and that the arguments passed to
# popen are not derived from untrusted input.
allow uprobestats oatdump_exec:file rx_file_perms;
# Allow uprobestats to write atoms to statsd
# unix_socket_send grants write on the statsdw socket file and sendto on
# statsd's datagram socket: send-only, no connect or receive path.
unix_socket_send(uprobestats, statsdw, statsd)
# For registration with system server as a process observer.
# binder_use lets the domain open the binder device and talk to
# servicemanager; calls to individual services need their own rules.
binder_use(uprobestats)
# Look up activity_service in servicemanager. "find" only resolves the
# handle; calling the service needs a separate binder_call rule for the
# domain that hosts it.
allow uprobestats activity_service:service_manager find;
# binder_call grants call/transfer from uprobestats to system_server and lets
# system_server hand references back in replies.
# NOTE(review): SELinux allows the transport to all of system_server here;
# which interfaces accept this caller is up to system_server's own checks.
# The trailing ';' is inconsistent with the other macro calls in this file.
binder_call(uprobestats, system_server);
# Allow uprobestats to talk to native package manager
# Look up package_native_service in servicemanager.
# NOTE(review): only "find" is granted here; presumably the service is hosted
# in system_server so the call itself is covered by the binder_call rule
# for system_server; confirm.
allow uprobestats package_native_service:service_manager find;
# Allow uprobestats to scan /proc/<pid>/cmdline.
# r_dir_file grants read on directories, files and symlinks of the target
# types, so this covers the /proc/<pid> entries labelled with the domain type
# of every non-app process, which is wider than cmdline alone.
# App processes are excluded by "-appdomain".
# NOTE(review): if only cmdline is needed for a known set of targets, a
# narrower target set than { domain -appdomain } would reduce exposure.
r_dir_file(uprobestats, { domain -appdomain })
# Allow uprobestats to manage its own config files.
# rw_dir_perms on the config directory: read and search plus adding and
# removing entries, which the unlink permission on the files depends on.
allow uprobestats uprobestats_configs_data_file:dir rw_dir_perms;
# Config files can be read and deleted, but this rule grants neither create
# nor write: uprobestats consumes and removes configs, it does not author them.
# NOTE(review): presumably another domain writes these files; since they
# steer where probes are attached, confirm which domains may write this type.
allow uprobestats uprobestats_configs_data_file:file { r_file_perms unlink };