1# MpDecision service
2type mpdecision, domain;
3type mpdecision_exec, exec_type, file_type;
4
5init_daemon_domain(mpdecision)
6
7allow mpdecision self:capability { net_admin fsetid };
8
9allow mpdecision self:netlink_kobject_uevent_socket create_socket_perms;
10
11# Access to /dev/cpu_dma_latency.
12allow mpdecision latency_device:chr_file w_file_perms;
13
14# Create and access to /dev/socket/mpdecision
15allow mpdecision mpdecision_socket:sock_file rw_file_perms;
16
17# Access to /sys/devices/system/cpu/*.
18allow mpdecision sysfs_devices_system_cpu:file rw_file_perms;
19
20# Access to sysfs_thermal nodes.
21allow mpdecision sysfs_thermal:dir r_dir_perms;
22allow mpdecision sysfs_thermal:file r_file_perms;
23
24# Access to mpctl data files and sockets.
25allow mpdecision perfd_data_file:dir w_dir_perms;
26allow mpdecision perfd_data_file:file create_file_perms;
27allow mpdecision perfd_data_file:sock_file create_file_perms;
28
29# Access to some dynamically generated files under /sys/devices/system/cpu/.
30allow mpdecision sysfs:file write;
31
32allow mpdecision self:capability dac_override;
33
34allow mpdecision sysfs:file r_file_perms;
35
36allow mpdecision proc:file rw_file_perms;
37