1 type perfd, domain, domain_deprecated; 2 type perfd_exec, exec_type, file_type; 3 4 init_daemon_domain(perfd) 5 6 # Data file accesses. 7 allow perfd perfd_data_file:dir create_dir_perms; 8 allow perfd perfd_data_file:file create_file_perms; 9 10 # Socket creation under /data/misc/perfd 11 allow perfd perfd_data_file:sock_file create_file_perms; 12 13 allow perfd sysfs_performance:dir search; 14 allow perfd sysfs_performance:file rw_file_perms; 15 16 allow perfd sysfs_thermal:dir search; 17 allow perfd sysfs_thermal:file rw_file_perms; 18 19 allow perfd proc_kernel_sched:file rw_file_perms; 20 21 # allow writing to /sys/devices/system/cpu/* 22 allow perfd sysfs_devices_system_cpu:file rw_file_perms; 23 24 # access to /sys/module/lpm_levels/parameters/sleep_disabled 25 allow perfd sysfs_power_management:file w_file_perms; 26 27 # perfd uses kill(pid, 0) to determine if a process exists. 28 # Determining if a process exists does not require the kill capability 29 # since a permission denied indicates the process exists. 30 dontaudit perfd self:capability kill; 31 32 allow perfd cameraserver:process signull;
