1# Car watchdog server. 2typeattribute carwatchdogd coredomain; 3typeattribute carwatchdogd mlstrustedsubject; 4 5type carwatchdogd_exec, exec_type, file_type, system_file_type; 6 7init_daemon_domain(carwatchdogd) 8add_service(carwatchdogd, carwatchdogd_service) 9binder_use(carwatchdogd) 10binder_service(carwatchdogd) 11 12# Read carwatchdog configuration properties 13get_prop(carwatchdogd, carwatchdog_config_prop) 14 15# Configration to communicate with VHAL. 16hwbinder_use(carwatchdogd) 17get_prop(carwatchdogd, hwservicemanager_prop) 18hal_client_domain(carwatchdogd, hal_vehicle) 19 20# Scan through /proc/pid for all processes. 21r_dir_file(carwatchdogd, domain) 22 23# Read /proc/uid_io/stats. 24allow carwatchdogd proc_uid_io_stats:file r_file_perms; 25 26# Read /proc/stat file. 27allow carwatchdogd proc_stat:file r_file_perms; 28 29# Read /proc/diskstats file. 30allow carwatchdogd proc_diskstats:file r_file_perms; 31 32# Read /proc/uid_cputime/show_uid_stat file. 33allow carwatchdogd proc_uid_cputime_showstat:file r_file_perms; 34 35# Read/Write /proc/pressure/memory file. 36allow carwatchdogd proc_pressure_mem:file rw_file_perms; 37 38# List HALs to get pid of vehicle HAL. 39allow carwatchdogd hwservicemanager:hwservice_manager list; 40 41# R/W /data/system/car for resource overuse configurations. 42allow carwatchdogd system_car_data_file:dir create_dir_perms; 43allow carwatchdogd system_car_data_file:{ file lnk_file } create_file_perms; 44 45# Allow carwatchdogd to set thread scheduling policy and priority. 46allow carwatchdogd self:capability sys_nice; 47allow carwatchdogd appdomain:process { setsched getsched }; 48