public/bootstat.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # bootstat command
 type bootstat, domain;
 type bootstat_exec, system_file_type, exec_type, file_type;

 read_runtime_log_tags(bootstat)

 # Allow persistent storage in /data/misc/bootstat.
 allow bootstat bootstat_data_file:dir rw_dir_perms;
 allow bootstat bootstat_data_file:file create_file_perms;

 allow bootstat metadata_file:dir search;
 allow bootstat metadata_bootstat_file:dir rw_dir_perms;
 allow bootstat metadata_bootstat_file:file create_file_perms;

 # ToDo: TBI move access for the following to a system health HAL

 # Allow access to /sys/fs/pstore/ and syslog
 allow bootstat pstorefs:dir search;
 allow bootstat pstorefs:file r_file_perms;
 allow bootstat kernel:system syslog_read;

 # Allow access to reading the logs to read aspects of system health
 read_logd(bootstat)

 # Allow bootstat write to statsd.
 unix_socket_send(bootstat, statsdw, statsd)

 neverallow {
   domain
   -bootstat
   -init
 } system_boot_reason_prop:property_service set;
	# bootstat command
	type bootstat, domain;
	type bootstat_exec, system_file_type, exec_type, file_type;

	read_runtime_log_tags(bootstat)

	# Allow persistent storage in /data/misc/bootstat.
	allow bootstat bootstat_data_file:dir rw_dir_perms;
	allow bootstat bootstat_data_file:file create_file_perms;

	allow bootstat metadata_file:dir search;
	allow bootstat metadata_bootstat_file:dir rw_dir_perms;
	allow bootstat metadata_bootstat_file:file create_file_perms;

	# ToDo: TBI move access for the following to a system health HAL

	# Allow access to /sys/fs/pstore/ and syslog
	allow bootstat pstorefs:dir search;
	allow bootstat pstorefs:file r_file_perms;
	allow bootstat kernel:system syslog_read;

	# Allow access to reading the logs to read aspects of system health
	read_logd(bootstat)

	# Allow bootstat write to statsd.
	unix_socket_send(bootstat, statsdw, statsd)

	neverallow {
	domain
	-bootstat
	-init
	} system_boot_reason_prop:property_service set;