1 type perfd, domain, device_domain_deprecated; 2 type perfd_exec, exec_type, file_type; 3 4 init_daemon_domain(perfd) 5 6 allow perfd cameraserver:process signull; 7 8 allow perfd perfd_data_file:dir rw_dir_perms; 9 allow perfd perfd_data_file:file create_file_perms; 10 allow perfd perfd_data_file:sock_file create_file_perms; 11 12 allow perfd sysfs_performance:dir r_dir_perms; 13 allow perfd sysfs_performance:file rw_file_perms; 14 allow perfd proc_kernel_sched:file rw_file_perms; 15 16 allow perfd sysfs_thermal:dir search; 17 allow perfd sysfs_thermal:file rw_file_perms; 18 19 allow perfd sysfs_power_management:file w_file_perms; 20 21 # allow writing to /sys/devices/system/cpu/* 22 allow perfd sysfs_devices_system_cpu:file rw_file_perms; 23 24 # perfd uses kill(pid, 0) to determine if a process exists. 25 # Determining if a process exists does not require the kill capability 26 # since a permission denied indicates the process exists. 27 dontaudit perfd self:capability kill; 28
