| type perfd, domain; |
| type perfd_exec, exec_type, vendor_file_type, file_type; |
| |
| init_daemon_domain(perfd) |
| |
| r_dir_file(perfd, sysfs_msm_subsys) |
| |
| # perfd uses kill(pid, 0) to determine if a process exists. |
| # Determining if a process exists does not require the kill capability |
| # since a permission denied indicates the process exists. |
| dontaudit perfd self:capability kill; |
| |
| allow perfd mediacodec:process signull; |
| allow perfd hal_power_default:process signull; |
| |
| allow perfd cgroup:file r_file_perms; |
| allow perfd post_boot_prop:file r_file_perms; |
| |
| allow perfd proc:file rw_file_perms; |
| allow perfd sysfs_clkscale:file r_file_perms; |
| allow perfd sysfs_graphics:dir search; |
| allow perfd sysfs_graphics:file r_file_perms; |
| allow perfd sysfs_soc:dir search; |
| allow perfd sysfs_soc:file r_file_perms; |
| allow perfd sysfs_graphics:dir search; |
| allow perfd sysfs_graphics:file r_file_perms; |
| allow perfd sysfs_msm_subsys:file w_file_perms; |
| allow perfd sysfs_devices_system_cpu:file w_file_perms; |
| |
| allow perfd perfd_socket:sock_file write; |
| |
| allow perfd latency_device:chr_file w_file_perms; |