# Car watchdog server.
typeattribute carwatchdogd coredomain;
typeattribute carwatchdogd mlstrustedsubject;

type carwatchdogd_exec, exec_type, file_type, system_file_type;

init_daemon_domain(carwatchdogd)
add_service(carwatchdogd, carwatchdogd_service)
binder_use(carwatchdogd)
binder_service(carwatchdogd)

# Read carwatchdog configuration properties
get_prop(carwatchdogd, carwatchdog_config_prop)

# Configration to communicate with VHAL.
hwbinder_use(carwatchdogd)
get_prop(carwatchdogd, hwservicemanager_prop)
hal_client_domain(carwatchdogd, hal_vehicle)

# Scan through /proc/pid for all processes.
r_dir_file(carwatchdogd, domain)

# Read /proc/uid_io/stats.
allow carwatchdogd proc_uid_io_stats:file r_file_perms;

# Read /proc/stat file.
allow carwatchdogd proc_stat:file r_file_perms;

# Read /proc/diskstats file.
allow carwatchdogd proc_diskstats:file r_file_perms;

# Read /proc/uid_cputime/show_uid_stat file.
allow carwatchdogd proc_uid_cputime_showstat:file r_file_perms;

# Read/Write /proc/pressure/memory file.
allow carwatchdogd proc_pressure_mem:file rw_file_perms;

# List HALs to get pid of vehicle HAL.
allow carwatchdogd hwservicemanager:hwservice_manager list;

# R/W /data/system/car for resource overuse configurations.
allow carwatchdogd system_car_data_file:dir create_dir_perms;
allow carwatchdogd system_car_data_file:{ file lnk_file } create_file_perms;

# Allow carwatchdogd to set thread scheduling policy and priority.
allow carwatchdogd self:capability sys_nice;
allow carwatchdogd appdomain:process { setsched getsched };