| type perfd, domain, domain_deprecated, mlstrustedsubject; |
| type perfd_exec, exec_type, file_type; |
| |
| init_daemon_domain(perfd) |
| |
| allow perfd self:capability { net_admin chown dac_override fsetid kill }; |
| allow perfd { |
| sysfs_devices_system_cpu |
| sysfs_cpu_online |
| proc |
| sysfs |
| }:file rw_file_perms; |
| |
| allow perfd self:{ netlink_kobject_uevent_socket socket} create_socket_perms; |
| |
| # mpctl socket |
| allow perfd mpctl_socket:sock_file rw_file_perms; |
| |
| # default_values file |
| allow perfd mpctl_data_file:dir rw_dir_perms; |
| allow perfd mpctl_data_file:file create_file_perms; |
| |
| # Allow poll of system_server status |
| r_dir_file(perfd, system_server) |
| |
| |
| # Allow access to /proc/PID |
| allow perfd appdomain:dir r_dir_perms; |
| allow perfd appdomain:file rw_file_perms; |
| |
| # Allow access to thermal sysfs entry |
| r_dir_file(perfd, sysfs_thermal) |
| allow perfd sysfs_thermal:file write; |
| |
| # IRQbalancer access |
| unix_socket_connect(perfd, msm_irqbalance, msm_irqbalanced); |
| |
| # Thermal lib access |
| unix_socket_connect(perfd, thermal, thermal-engine); |
| |
| # Access device nodes inside /dev/cpuctl |
| allow perfd cpuctl_device:chr_file rw_file_perms; |
| |
| # Allow perfd to send signull |
| allow perfd { |
| system_server |
| system_app |
| wfdservice |
| mediaserver |
| thermal-engine |
| surfaceflinger |
| appdomain |
| audioserver |
| }:process signull; |
| |
| #Allow perfd to set properties |
| set_prop(perfd, freq_prop) |
| |
| #Allow writes to /dev/cpu_dma_latency |
| allow perfd device_latency:chr_file w_file_perms; |