• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# performanced
2type performanced, domain, mlstrustedsubject;
3type performanced_exec, exec_type, file_type;
4
5# Needed to check for app permissions.
6binder_use(performanced)
7binder_call(performanced, system_server)
8allow performanced permission_service:service_manager find;
9
10pdx_server(performanced, performance_client)
11
12# TODO: use file caps to obtain sys_nice instead of setuid / setgid.
13allow performanced self:capability { setuid setgid sys_nice };
14
15# Access /proc to validate we're only affecting threads in the same thread group.
16# Performanced also shields unbound kernel threads.  It scans every task in the
17# root cpu set, but only affects the kernel threads.
18r_dir_file(performanced, { appdomain bufferhubd kernel surfaceflinger })
19dontaudit performanced domain:dir read;
20allow performanced { appdomain bufferhubd kernel surfaceflinger }:process setsched;
21
22# Access /dev/cpuset/cpuset.cpus
23r_dir_file(performanced, cgroup)
24