| # MpDecision service |
| type mpdecision, domain; |
| type mpdecision_exec, exec_type, file_type; |
| |
| init_daemon_domain(mpdecision) |
| |
| allow mpdecision self:capability { net_admin fsetid }; |
| |
| allow mpdecision self:netlink_kobject_uevent_socket create_socket_perms; |
| |
| # Access to /dev/cpu_dma_latency. |
| allow mpdecision latency_device:chr_file w_file_perms; |
| |
| # Create and access to /dev/socket/mpdecision |
| allow mpdecision mpdecision_socket:sock_file rw_file_perms; |
| |
| # Access to /sys/devices/system/cpu/*. |
| allow mpdecision sysfs_devices_system_cpu:file rw_file_perms; |
| |
| # Access to sysfs_thermal nodes. |
| allow mpdecision sysfs_thermal:dir r_dir_perms; |
| allow mpdecision sysfs_thermal:file r_file_perms; |
| |
| # Access to mpctl data files and sockets. |
| allow mpdecision perfd_data_file:dir w_dir_perms; |
| allow mpdecision perfd_data_file:file create_file_perms; |
| allow mpdecision perfd_data_file:sock_file create_file_perms; |
| |
| # Access to some dynamically generated files under /sys/devices/system/cpu/. |
| allow mpdecision sysfs:file write; |
| |
| allow mpdecision self:capability dac_override; |
| |
| allow mpdecision sysfs:file r_file_perms; |
| |
| allow mpdecision proc:file rw_file_perms; |
