| type stats, domain; |
| typeattribute stats coredomain; |
| type stats_exec, exec_type, file_type; |
| |
| # switch to stats domain for stats command |
| domain_auto_trans(shell, stats_exec, stats) |
| |
| # allow stats access to stdout from its parent shell. |
| allow stats shell:fd use; |
| |
| # allow stats to communicate use, read and write over the adb |
| # connection. |
| allow stats adbd:fd use; |
| allow stats adbd:unix_stream_socket { read write }; |
| |
| # allow adbd to reap stats |
| allow stats adbd:process { sigchld }; |
| |
| # Allow the stats command to talk to the statsd over the binder, and get |
| # back the stats report data from a ParcelFileDescriptor. |
| binder_use(stats) |
| allow stats stats_service:service_manager find; |
| binder_call(stats, statsd) |
| allow stats statsd:fifo_file write; |
| |
| # Only statsd can publish the binder service. |
| add_service(statsd, stats_service) |
| |
| # Allow pipes from (and only from) stats. |
| allow statsd stats:fd use; |
| allow statsd stats:fifo_file write; |
| |
| # Allow statsd to call back to stats with status updates. |
| binder_call(statsd, stats) |
| |
| ### |
| ### neverallow rules |
| ### |
| |
| # Only system_server, system_app, traceur_app, and stats command can find the stats service. |
| neverallow { |
| domain |
| -dumpstate |
| -priv_app |
| -shell |
| -stats |
| -statsd |
| -system_app |
| -system_server |
| -traceur_app |
| } stats_service:service_manager find; |