# SELinux policy for the MpDecision service domain.
type mpdecision, domain;
type mpdecision_exec, exec_type, file_type;

# Run as an init-started daemon, entered by executing a file labelled mpdecision_exec.
init_daemon_domain(mpdecision)

# --- Capabilities and sockets owned by the process itself ---

# NOTE(review): dac_override lets the process bypass discretionary (mode/owner)
# file permission checks. The policy does not say which file access needs it;
# correcting the ownership or mode of the target files is normally preferable
# to keeping this capability. Confirm it is still required.
allow mpdecision self:capability { dac_override fsetid net_admin };

# Kernel uevent netlink socket.
allow mpdecision self:netlink_kobject_uevent_socket create_socket_perms;

# --- Device nodes and sockets under /dev ---

# Write access to /dev/cpu_dma_latency.
allow mpdecision latency_device:chr_file w_file_perms;

# Read/write access to /dev/socket/mpdecision.
# rw_file_perms carries no create permission, so the socket node is presumably
# created for the daemon by another domain (e.g. init) - confirm.
allow mpdecision mpdecision_socket:sock_file rw_file_perms;

# --- sysfs ---

# Access to /sys/devices/system/cpu/*.
allow mpdecision sysfs_devices_system_cpu:file rw_file_perms;

# Read-only access to sysfs_thermal nodes.
allow mpdecision sysfs_thermal:dir r_dir_perms;
allow mpdecision sysfs_thermal:file r_file_perms;

# Read and write on the generic sysfs label. The write is intended for some
# dynamically generated files under /sys/devices/system/cpu/.
# NOTE(review): the generic sysfs type covers every sysfs file that has no more
# specific label, so this grant reaches well beyond the CPU nodes named above.
# Giving those nodes a dedicated type (for instance through genfs_contexts) and
# granting write on that type only would narrow it.
allow mpdecision sysfs:file { r_file_perms write };

# --- mpctl data files and sockets ---

allow mpdecision perfd_data_file:dir w_dir_perms;
allow mpdecision perfd_data_file:file create_file_perms;
allow mpdecision perfd_data_file:sock_file create_file_perms;

# --- procfs ---

# NOTE(review): read/write on the generic proc label applies to every /proc file
# without a more specific type. The policy does not record which entry the
# daemon needs; identify it and scope this rule to a dedicated type if possible.
allow mpdecision proc:file rw_file_perms;