1type perfd, domain, device_domain_deprecated; 2type perfd_exec, exec_type, file_type; 3 4init_daemon_domain(perfd) 5 6allow perfd cameraserver:process signull; 7 8allow perfd perfd_data_file:dir rw_dir_perms; 9allow perfd perfd_data_file:file create_file_perms; 10allow perfd perfd_data_file:sock_file create_file_perms; 11 12allow perfd sysfs_performance:dir r_dir_perms; 13allow perfd sysfs_performance:file rw_file_perms; 14allow perfd proc_kernel_sched:file rw_file_perms; 15 16allow perfd sysfs_thermal:dir search; 17allow perfd sysfs_thermal:file rw_file_perms; 18 19allow perfd sysfs_power_management:file w_file_perms; 20 21# allow writing to /sys/devices/system/cpu/* 22allow perfd sysfs_devices_system_cpu:file rw_file_perms; 23 24# perfd uses kill(pid, 0) to determine if a process exists. 25# Determining if a process exists does not require the kill capability 26# since a permission denied indicates the process exists. 27dontaudit perfd self:capability kill; 28