1 type perfd, domain; 2 type perfd_exec, exec_type, vendor_file_type, file_type; 3 4 init_daemon_domain(perfd) 5 6 r_dir_file(perfd, sysfs_msm_subsys) 7 8 # perfd uses kill(pid, 0) to determine if a process exists. 9 # Determining if a process exists does not require the kill capability 10 # since a permission denied indicates the process exists. 11 dontaudit perfd self:capability kill; 12 13 allow perfd mediacodec:process signull; 14 allow perfd hal_power_default:process signull; 15 16 allow perfd cgroup:file r_file_perms; 17 allow perfd post_boot_prop:file r_file_perms; 18 19 allow perfd proc:file rw_file_perms; 20 allow perfd sysfs_clkscale:file r_file_perms; 21 allow perfd sysfs_graphics:dir search; 22 allow perfd sysfs_graphics:file r_file_perms; 23 allow perfd sysfs_soc:dir search; 24 allow perfd sysfs_soc:file r_file_perms; 25 allow perfd sysfs_graphics:dir search; 26 allow perfd sysfs_graphics:file r_file_perms; 27 allow perfd sysfs_msm_subsys:file w_file_perms; 28 allow perfd sysfs_devices_system_cpu:file w_file_perms; 29 30 allow perfd perfd_socket:sock_file write; 31 32 allow perfd latency_device:chr_file w_file_perms; 33