Merge "stats_service: only disallow untrusted access" into main
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 5ea924a..ab8b8d5 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -258,6 +258,9 @@
# Only privileged apps may find the incident service
neverallow all_untrusted_apps incident_service:service_manager find;
+# Only privileged apps may find stats service
+neverallow all_untrusted_apps stats_service:service_manager find;
+
# Do not allow untrusted app to read hidden system proprerties.
# We do not include in the exclusions other normally untrusted applications such as mediaprovider
# due to the specific logging use cases.
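Review bot: The added `neverallow all_untrusted_apps stats_service:service_manager find;` asserts much less than the allowlist-style neverallow this commit removes from private/stats.te (second hunk). The old rule failed the policy build for any domain outside its listed exceptions, while the new one fails only for domains in `all_untrusted_apps`. A later allow rule granting a non-app domain `find` on stats_service will therefore pass neverallow checking, leaving review of individual allow rules as the only gate. The new comment `# Only privileged apps may find stats service` overstates what is enforced; I would write `# Untrusted apps may not find the stats service; other domains are not restricted by this rule.` The commit title suggests the narrowing is intentional, so stating the scope precisely in the comment helps anyone auditing who can reach the service.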
diff --git a/private/stats.te b/private/stats.te
index 5790faa..6261303 100644
--- a/private/stats.te
+++ b/private/stats.te
@@ -33,28 +33,3 @@
# Allow statsd to call back to stats with status updates.
binder_call(statsd, stats)
-###
-### neverallow rules
-###
-
-neverallow {
- domain
- -dumpstate
- -gmscore_app
- -gpuservice
- -incidentd
- -keystore
- -mediametrics
- -mediaserver
- -platform_app
- -priv_app
- -rkpdapp
- -shell
- -stats
- -statsd
- -surfaceflinger
- -system_app
- -system_server
- -traceur_app
- -traced_probes
-} stats_service:service_manager find;