# CPU governor (root process)
# SELinux policy for the mpdecision daemon: declares its process domain and
# the type carried by its executable, then lists the accesses it is granted.
type mpdecision, domain;
type mpdecision_exec, exec_type, file_type;
# Started by init
# init_daemon_domain() is a macro defined outside this file; presumably it
# sets up the init -> mpdecision transition when mpdecision_exec is run.
# TODO confirm against the macro definition.
init_daemon_domain(mpdecision)
# NOTE(review): a permissive domain is not enforced. Accesses outside the
# rules below are logged as denials but still succeed, so this policy does
# not confine the process (described above as running as root) until this
# statement is removed. Collect the remaining denials, add the rules that are
# justified, then drop the permissive line.
permissive mpdecision;
# CPU hotplug uevent to manage cores
# The uevent netlink socket is opened for receiving only: create, setopt,
# bind and read are granted, write is not.
allow mpdecision self:netlink_kobject_uevent_socket { create setopt bind read };
# NOTE(review): net_admin is a broad capability. Presumably it is needed for
# a privileged socket option on the uevent socket; confirm which call needs it.
allow mpdecision self:capability net_admin;
# Create under /dev/socket/mpdecision
# w_dir_perms is a permission-set macro defined outside this file; presumably
# it covers adding and removing directory entries. TODO confirm.
allow mpdecision mpdecision_socket:dir w_dir_perms;
# The daemon may create the socket file, change its attributes and write to
# it. No rule here lets any other domain connect to it.
allow mpdecision mpdecision_socket:sock_file { create setattr write };
# By-product of setting owner on sock_file (don't allow)
# dontaudit only silences the log entry for fsetid and grants nothing.
# NOTE(review): while the domain is permissive the capability is in effect
# still usable, and this rule hides that use from the audit log.
dontaudit mpdecision self:capability fsetid;
# Access to objects labeled sysfs_devices_system_cpu: directory lookup, plus
# reading and writing the files. Write access is presumably what lets the
# daemon bring cores online and offline; confirm which files it writes.
allow mpdecision sysfs_devices_system_cpu:dir search;
allow mpdecision sysfs_devices_system_cpu:file { open read write getattr };