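# bootstat command
#
# Policy for the bootstat binary: it records boot-time metrics and the boot
# reason under /data/misc/bootstat and reports them to statsd.  The neverallow
# assertions at the bottom pin down exactly which domains may read or set the
# boot-reason properties; a new reader/writer must be added there explicitly,
# otherwise the policy build fails.
type bootstat, domain;
type bootstat_exec, system_file_type, exec_type, file_type;

read_runtime_log_tags(bootstat)

# Allow persistent storage in /data/misc/bootstat.
allow bootstat bootstat_data_file:dir rw_dir_perms;
allow bootstat bootstat_data_file:file create_file_perms;

# Collect metrics on boot time created by init (read-only).
get_prop(bootstat, boottime_prop)

# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty).
# NOTE(review): ro.boot.bootreason is an ro.* property, so the intent is that
# bootstat only fills it in when the bootloader left it unset; the property
# service, not this policy, is what enforces the write-once behaviour -- confirm.
set_prop(bootstat, bootloader_boot_reason_prop)
set_prop(bootstat, system_boot_reason_prop)
set_prop(bootstat, last_boot_reason_prop)

# ToDo: TBI move access for the following to a system health HAL

# Allow access to /sys/fs/pstore/ and syslog.
# These expose kernel log output (pstore is the persistent kernel log/crash
# store); access is granted read-only and should not grow beyond what the
# boot-reason heuristics need until it is moved behind the HAL noted above.
allow bootstat pstorefs:dir search;
allow bootstat pstorefs:file r_file_perms;
allow bootstat kernel:system syslog_read;

# Allow access to reading the logs to read aspects of system health.
read_logd(bootstat)

# Allow bootstat write to statsd.
unix_socket_send(bootstat, statsdw, statsd)

# ToDo: end

# Only the domains listed below may read the bootloader and last boot reason
# properties.  Everything else in the system is denied at policy build time.
neverallow {
  domain
  -bootanim
  -bootstat
  -dumpstate
  -init
  -recovery
  -shell
  -system_server
} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;

# ... and refine, as these components should not set the last boot reason.
# bootanim and recovery are carved out above so they can read
# bootloader_boot_reason_prop, but they must not see last_boot_reason_prop.
neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;

# Setting either property is limited to bootstat, init and system_server ...
neverallow {
  domain
  -bootstat
  -init
  -system_server
} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;

# ... and refine ... for a ro property no less ... keep this _tight_.
# Net effect with the rule above: system_server may set last_boot_reason_prop
# only; bootloader_boot_reason_prop is settable by bootstat and init alone.
neverallow system_server bootloader_boot_reason_prop:property_service set;

# [persist.]sys.boot.reason may be set only by bootstat and init.
neverallow {
  domain
  -bootstat
  -init
} system_boot_reason_prop:property_service set;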